Linux Distros Unpatched Vulnerability : CVE-2020-1917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xbufformatconverter, used as part of exifreaddata, was appending a terminating null character to the generated string, but was not using its standard append cha...

BIT-LIBPHP-2020-7064 Use-of-uninitialized-value in exif

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

SUSE CVE-2004-1065

Buffer overflow in the exifreaddata function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file...

UBUNTU-CVE-2020-1917

xbufformatconverter, used as part of exifreaddata, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...

php: Buffer over-read in exif_read_data()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

php: Information disclosure in exif_read_data() function

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

PT-2020-2411 · Php +8 · Php +8

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x below 7.2.9 PHP versions 7.3.x below 7.3.16 PHP versions 7.4.x below 7.4.4 Description: The issue is related to the exif read data function in PHP, which can cause the language to read one byte of uninitialized memory while...

CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

PT-2019-4739 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue is related to the PHP EXIF extension when parsing EXIF information from an image, for example, via the exif read data function. It is...

php: Buffer over-read in exif_read_data()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

php: Buffer over-read in exif_read_data()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

UBUNTU-CVE-2019-11042

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

PHP out-of-bounds read vulnerability (CNVD-2018-09229)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in th...

php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input

The exifprocessIFDTAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...

php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input

The exifprocessIFDinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted header data...

php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input

The exifprocessTIFFinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted header data...

PHP 'exif_read_data()' function information disclosure vulnerability

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability in the PHP 'exifreaddata' function allows remote attackers to exploit the vulnerability to read heap memory...

PHP 'exif_read_data()' function information disclosure vulnerability (CNVD-2016-02882)

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability in the PHP 'exifreaddata' function allows remote attackers to exploit the vulnerability to read heap memory...

PHP 'exif_read_data()' function information disclosure vulnerability (CNVD-2016-02881)

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability in the PHP 'exifreaddata' function allows remote attackers to exploit the vulnerability to read heap memory...

php: Free called on unitialized pointer in exif.c

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifreaddata function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application...