Information disclosure

2019-12-2303:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

7.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

73.1%

JSON

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq18.04
ubuntu_linuxeq19.04
ubuntu_linuxeq14.04
ubuntu_linuxeq12.04
debian_linuxeq8.0
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq30
fedoraeq31

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	19.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	12.04
debian_linux	eq	8.0
debian_linux	eq	9.0
debian_linux	eq	10.0
fedora	eq	30
fedora	eq	31