CVE-2019-9641: Use of Uninitialized Resource in PHP

Severity
9.8 CRITICAL (NVD)
OSV: 7.5
EPSS: 52.1% (top 2.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 9
Latest update: Jan 27

Description

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD | php/php | 7.2.0 | 7.2.16 | +2
Ubuntu | php5/php5 | < 5.5.9+dfsg-1ubuntu4.29
NVD | opensuse/leap | 15.0, 15.1, 42.3 | +2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-wvm5-62cm-hw4m: An issue was discovered in the EXIF component in PHP before 7 (2022-05-13)
OSV: php5 vulnerabilities (2019-04-23)
OSV: php7.0, php7.2 vulnerabilities (2019-03-26)
OSV: CVE-2019-9641: An issue was discovered in the EXIF component in PHP before 7 (2019-03-08)

📋 Vendor Advisories (5)

CISA ICS: Festo Didactic SE MES PC (2026-01-27)
Ubuntu: PHP vulnerabilities (2019-04-25)
Ubuntu: PHP vulnerabilities (2019-04-23)
Ubuntu: PHP vulnerabilities (2019-03-26)
Red Hat: php: Uninitialized read in exif_process_IFD_in_TIFF (2019-01-23)

📄 Research Papers (1)

arXiv: A Comparative Study of Fuzzers and Static Analysis Tools for Finding Memory Unsafety in C and C++ (2025-05-28)

💬 Community (3)

HackerOne: Uninitialized read in exif_process_IFD_in_TIFF (2020-10-10)
Bugzilla: CVE-2019-9641 php: Uninitialized read in exif_process_IFD_in_TIFF [fedora-all] (2019-03-14)
Bugzilla: CVE-2019-9641 php: Uninitialized read in exif_process_IFD_in_TIFF (2019-03-14)