CVE-2019-9638
09.03.2019, 00:29
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.Enginsight
Vendor | Product | Version |
---|---|---|
php | php | 𝑥 < 7.1.27 |
php | php | 7.2.0 ≤ 𝑥 < 7.2.16 |
php | php | 7.3.0 ≤ 𝑥 < 7.3.3 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 16.04 |
canonical | ubuntu_linux | 18.04 |
canonical | ubuntu_linux | 18.10 |
opensuse | leap | 15.0 |
opensuse | leap | 15.1 |
opensuse | leap | 42.3 |
netapp | storage_automation_store | - |
redhat | software_collections | 1.0 |
𝑥
= Vulnerable software versions

Ubuntu Releases
Ubuntu Product | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
php5 |
| ||||||||||
php7.0 |
| ||||||||||
php7.2 |
| ||||||||||
php7.3 |
|
Common Weakness Enumeration
References