#VU33364 Out-of-bounds read in Fedoraproject products - CVE-2019-11047

Cybersecurity Help s.r.o.

Published: 2019-12-23 | Updated: 2020-08-04

Vulnerability identifier: #VU33364

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-11047

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages
Debian Linux
Operating systems & Components / Operating system
Fedora
Operating systems & Components / Operating system

Vendor: PHP Group
Debian
Fedoraproject

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 7.4.0

Debian Linux: 7.4.0 - 8.0

Fedora: 7.4.0 - 31

External links
https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html
https://bugs.php.net/bug.php?id=78910
https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
https://seclists.org/bugtraq/2020/Feb/27
https://seclists.org/bugtraq/2020/Feb/31
https://security.netapp.com/advisory/ntap-20200103-0002/
https://usn.ubuntu.com/4239-1/
https://www.debian.org/security/2020/dsa-4626
https://www.debian.org/security/2020/dsa-4628