
CVE-2019-11036

Published: 03/05/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

It was discovered that PHP incorrectly handled certain EXIF tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11036)

Vulnerable Product

php php

fedoraproject fedora 28

fedoraproject fedora 29

fedoraproject fedora 30

redhat software collections 1.0

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 42.3

opensuse leap 15.0

opensuse leap 15.1

Vendor Advisories

Debian Bug report logs - #928421 php7.3: CVE-2019-11036 Package: src:php7.3; Maintainer for src:php7.3 is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 4 May 2019 08:48:02 UTC Severity: important Tags: fixed-upstream, security, upstream Fo ...
Synopsis Moderate: php:7.2 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis Moderate: rh-php71-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis Critical: rh-php72-php security update Type/Severity Security Advisory: Critical Topic An update for rh-php72-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) ba ...
Several security issues were fixed in PHP ...
Several security issues were fixed in PHP ...
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 7.0.33-0+deb9 ...
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service. For the stable distribution (buster), these problems have been fixed in version 7.3.9-1~deb10u1 ...
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. (CVE-2019-11035) When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7 ...
Impact: Low Public Date: 2019-05-02 CWE: CWE-122 Bugzilla: 1707299: CVE-2019-11036 php: buffer over-rea ...