CVSS: 9.1EPSS: 1%CPEs: 19EXPL: 0CVE-2019-11036 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11036
03 May 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a 7.1.29, 7.2.x anteriores a 7.2.18 y 7.3.x anteriores a 7.3.5, puede hacer que se lea el búfer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la revelació... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.1EPSS: 1%CPEs: 16EXPL: 1CVE-2019-11035 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11035
18 Apr 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el búfer asignado en la función exif_iif_add_value. Esto puede conducir a la revel... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 16EXPL: 0CVE-2019-11034 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11034
18 Apr 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el buffer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2019-9675 – Ubuntu Security Notice USN-3922-3
https://notcve.org/view.php?id=CVE-2019-9675
11 Mar 2019 — An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible. ** EN DISPUTA ** Se ha detectado un fallo en PHP, en las versiones 7.x anteriores a la 7.1.27 y en las 7.3.x anteriores a ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 2CVE-2019-9641 – Ubuntu Security Notice USN-3922-1
https://notcve.org/view.php?id=CVE-2019-9641
08 Mar 2019 — An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_TIFF. It was discovered that PHP incorrectly handled certain inputs. • https://github.com/Schnaidr/CVE-2019-9641-php-RCE • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2019-9637 – php: File rename across filesystems may allow unwanted access during processing
https://notcve.org/view.php?id=CVE-2019-9637
08 Mar 2019 — An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. Se ha detectado un fallo en PHP en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Debido a la manera en la que "rename()" se implementa ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-9640 – php: Invalid read in exif_process_SOFn()
https://notcve.org/view.php?id=CVE-2019-9640
08 Mar 2019 — An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura inválida en exif_process_SOFn. USN-3922-1 fixed several vulnerabilities in PHP. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-9638 – php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
https://notcve.org/view.php?id=CVE-2019-9638
08 Mar 2019 — An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_MAKERNOTE debido a la mala gestión de mak... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html • CWE-125: Out-of-bounds Read CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-9639 – php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
https://notcve.org/view.php?id=CVE-2019-9639
08 Mar 2019 — An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_MAKERNOTE debido a la mala gestión de la variable data_len. PHP is a... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html • CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 1CVE-2019-9022 – php: memcpy with negative length via crafted DNS response
https://notcve.org/view.php?id=CVE-2019-9022
22 Feb 2019 — An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. Se ha descubierto un problema en PHP, en versiones 7.x anteriores a la 7.1.26, versiones 7.2.x anteriores a la 7.2.14 y versiones 7.3.x anteriores a la 7.3... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •