Severity
7.5 HIGH (NVD)
EPSS
14.5%
top 5.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 9
Latest update: May 13

Description

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD | php/php | 7.2.0 | 7.2.16 | +2
Ubuntu | php5/php5 | < 5.5.9+dfsg-1ubuntu4.29
NVD | opensuse/leap | 15.0, 15.1, 42.3 | +2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

🔴Vulnerability Details

5
GHSA
GHSA-h9xv-q955-564m: An issue was discovered in the EXIF component in PHP before 7 (2022-05-13)
OSV
php5 vulnerabilities (2019-04-23)
OSV
php7.0, php7.2 vulnerabilities (2019-03-26)
OSV
CVE-2019-9639: An issue was discovered in the EXIF component in PHP before 7 (2019-03-08)
CVEList
CVE-2019-9639: An issue was discovered in the EXIF component in PHP before 7 (2019-03-08)

📋Vendor Advisories

4
Ubuntu
PHP vulnerabilities (2019-04-25)
Ubuntu
PHP vulnerabilities (2019-04-23)
Ubuntu
PHP vulnerabilities (2019-03-26)
Red Hat
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (2019-02-23)

💬Community

2
Bugzilla
CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (2019-03-14)
Bugzilla
CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE [fedora-all] (2019-03-14)
CVE-2019-9639 — Use of Uninitialized Resource in PHP | cvebase