suse · CVE-2019-11040

Quick triage

Priority: medium Published: 2021-05-30 14:27:11 UTC Updated: 2026-03-05 06:19:06 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-11040 severity moderate: SUSE including 944 source package names (apache2-mod_php5-5.2.14-111.54.1, apache2-mod_php5-5.5.14-109.63.2, …), 1874 product×package rows across 47 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (47 product lines)): Fixed 1470, Known Not Affected 404.

Description:

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

cvelogic Threat Intelligence