CVE-2019-9639

Description

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 18.0

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update apcu-panel-5.1.12-2.module+el8.1.0+3202+af5476b9.noarch.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-common-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-json-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pear-1.10.5-9.module+el8.1.0+3202+af5476b9.noarch.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-process-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update libzip-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update libzip-tools-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-bcmath-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-cli-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-common-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-dba-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-dbg-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-embedded-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-enchant-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-fpm-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-gd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-gmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-intl-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-json-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-ldap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-mbstring-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-mysqlnd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-odbc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-opcache-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pdo-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pecl-apcu-debuginfo-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pecl-zip-debuginfo-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pgsql-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-process-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-recode-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-snmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-soap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-xml-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-xmlrpc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update libzip-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update libzip-devel-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update libzip-tools-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update apcu-panel-5.1.12-2.module_el8.3.0+2010+7c76a223.noarch.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-bcmath-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-cli-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-common-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-dba-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-dbg-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-devel-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-embedded-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-enchant-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-fpm-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-gd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-gmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-intl-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-json-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-ldap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-mbstring-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-mysqlnd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-odbc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-opcache-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pdo-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pear-1.10.5-9.module_el8.3.0+2010+7c76a223.noarch.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pecl-apcu-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pecl-zip-1.15.3-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pgsql-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-process-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-recode-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-snmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-soap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-xml-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-xmlrpc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234