First published: Tue Dec 17 2019
A vulnerability was found in the PHP EXIF extension. When it parses EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. Reference: https://bugs.php.net/bug.php?id=78910
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-php73-php | <0:7.3.20-1.el7 | 0:7.3.20-1.el7 |
PHP PHP | >=7.2.0<7.2.26 | |
PHP PHP | >=7.3.0<7.3.13 | |
PHP PHP | =7.4.0 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Canonical Ubuntu Linux | =19.10 | |
PHP PHP | <7.2.26 | 7.2.26 |
redhat/php 7.2Git-2019-12 | <04 | 04 |
debian/php5 | | |
debian/php7.0 | | |
debian/php7.3 | | |
CVE-2019-11047 is a heap buffer over-read vulnerability in the PHP EXIF extension that has since been fixed.
Yes, PHP version 7.4.0 is affected by CVE-2019-11047.
You can check if your PHP version is affected by CVE-2019-11047 by referring to the affected software list or by checking the PHP version against the known vulnerable versions (7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0).
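As an added example (not part of this advisory), the following Python helper applies the version ranges above to a bare version string or to `php -v` output. The distro-suffix regex is an assumption of mine: distributions backport fixes without changing the upstream version (see the redhat/rh-php73-php row above), so a distro build that falls inside the upstream range must be checked against the vendor's advisory rather than flagged outright.

```python
import re
from typing import Optional, Tuple

# Vulnerable ranges stated in the advisory: 7.2.x < 7.2.26, 7.3.x < 7.3.13,
# and 7.4.0 (the page lists only 7.4.0 as affected, i.e. patch < 1).
FIRST_FIXED_PATCH = {(7, 2): 26, (7, 3): 13, (7, 4): 1}

# Assumed heuristic for vendor-packaged builds (Ubuntu, Debian, RHEL/CentOS).
DISTRO_SUFFIX = re.compile(r"(ubuntu|deb\d|el\d|\+dfsg|-\d)", re.IGNORECASE)


def parse_php_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract MAJOR.MINOR.PATCH from a bare version or from `php -v` output."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_in_upstream_range(version_text: str) -> bool:
    """True if the upstream version number falls inside the advisory's ranges."""
    v = parse_php_version(version_text)
    if v is None:
        raise ValueError(f"no PHP version found in {version_text!r}")
    major, minor, patch = v
    first_fixed = FIRST_FIXED_PATCH.get((major, minor))
    if first_fixed is None:
        return False  # 7.1 and earlier, or 7.5+/8.x, are outside the listed ranges
    return patch < first_fixed


def assess(version_text: str) -> str:
    """Classify a version string: 'not-affected', 'affected', or 'verify-vendor'.

    'verify-vendor' means the upstream number is in range but the build carries a
    distro suffix, so the fix may already be backported; consult the vendor advisory.
    """
    if not is_in_upstream_range(version_text):
        return "not-affected"
    if DISTRO_SUFFIX.search(version_text):
        return "verify-vendor"
    return "affected"


if __name__ == "__main__":
    # Constructed sample `php -v` first lines, not real hosts.
    for line in ["PHP 7.2.25 (cli)", "PHP 7.3.11-1~deb10u1 (cli)", "PHP 7.4.0 (cli)", "PHP 7.4.1 (cli)"]:
        print(f"{line}: {assess(line)}")
```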
CVE-2019-11047 has a severity rating of 6.5 (medium).
To fix the CVE-2019-11047 vulnerability, you should update PHP to a patched version (7.2.26 or later, 7.3.13 or later, or a 7.4.x release later than 7.4.0) or apply any available security patches provided by your operating system or software vendor.