An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
The product uses or accesses a resource that has not been initialized.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | * | 7.1.27 (excluding) |
| Php | Php | 7.2.0 (including) | 7.2.16 (excluding) |
| Php | Php | 7.3.0 (including) | 7.3.3 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | php:7.2-8020020191108065827.2c7ca891 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
| Php5 | Ubuntu | trusty | * |
| Php7.0 | Ubuntu | xenial | * |
| Php7.2 | Ubuntu | bionic | * |
| Php7.2 | Ubuntu | cosmic | * |
| Php7.2 | Ubuntu | devel | * |
| Php7.2 | Ubuntu | disco | * |
| Php7.2 | Ubuntu | upstream | * |
| Php7.3 | Ubuntu | upstream | * |