CVE-2019-9640: Out-of-bounds Read in PHP

CWE-125: Out-of-bounds Read | 13 documents | 8 sources
Severity: 7.5 HIGH (NVD)
EPSS: 16.2% (top 5.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 9, Latest update May 13

Description

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD: php/php 7.1.0 7.1.27 +2
Ubuntu: php5/php5 < 5.5.9+dfsg-1ubuntu4.29
NVD: opensuse/leap 15.0, 15.1, 42.3 +2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

🔴 Vulnerability Details (5)

GHSA: GHSA-xcj5-5h7j-93q8: An issue was discovered in the EXIF component in PHP before 7 (2022-05-13)
OSV: php5 vulnerabilities (2019-04-23)
OSV: php7.0, php7.2 vulnerabilities (2019-03-26)
CVEList: CVE-2019-9640: An issue was discovered in the EXIF component in PHP before 7 (2019-03-08)
OSV: CVE-2019-9640: An issue was discovered in the EXIF component in PHP before 7 (2019-03-08)

📋 Vendor Advisories (4)

Ubuntu: PHP vulnerabilities (2019-04-25)
Ubuntu: PHP vulnerabilities (2019-04-23)
Ubuntu: PHP vulnerabilities (2019-03-26)
Red Hat: php: Invalid read in exif_process_SOFn() (2019-01-29)

💬 Community (3)

HackerOne: Invalid Read on exif_process_SOFn (2020-10-10)
Bugzilla: CVE-2019-9640 php: Invalid Read on exif_process_SOFn [fedora-all] (2019-03-14)
Bugzilla: CVE-2019-9640 php: Invalid read in exif_process_SOFn() (2019-03-14)