7 matches found
SUSE CVE-2019-11047
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...
php: Information disclosure in exif_read_data() function
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...
Amazon Linux AMI : php73 (ALAS-2020-1368)
The version of php73 installed on the remote host is prior to 7.3.17-1.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1368 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata...
DEBIAN-CVE-2020-7064
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...
UBUNTU-CVE-2019-11040
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...
Out-of-bounds
The exifdataloaddata function in exif-data.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service out-of-bounds read or possibly obtain sensitive information from process memory via crafted EXIF tags in an image...
libexif library integer overflow
Integer overflow on EXIF data parsing...