View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2019-11047 severity moderate: SUSE including 899 source package names (apache2-mod_php5, apache2-mod_php5-5.2.14-111.62.1, …), 2133 product×package rows across 65 product lines (SLES for SAP Applications 11 SP2, SLES for SAP Applications 11 SP3, … (65 product lines)): Fixed 1400, Known Not Affected 733.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.