CVE-2019-11050

Medium CVSS 4.8

Overview

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CWE: CWE-125 Published: 2019-12-23T03:15:11.977

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.8 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags