When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 7.1.0 (including) | 7.1.29 (excluding) |
| Php | Php | 7.2.0 (including) | 7.2.18 (excluding) |
| Php | Php | 7.3.0 (including) | 7.3.5 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | php:7.2-8020020191108065827.2c7ca891 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Php5 | Ubuntu | trusty/esm | * |
| Php7.0 | Ubuntu | xenial | * |
| Php7.2 | Ubuntu | bionic | * |
| Php7.2 | Ubuntu | cosmic | * |
| Php7.2 | Ubuntu | devel | * |
| Php7.2 | Ubuntu | disco | * |
| Php7.2 | Ubuntu | upstream | * |
| Php7.3 | Ubuntu | upstream | * |