When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Reference: https://bugs.php.net/bug.php?id=77753 Upstream commit: http://git.php.net/?p=php-src.git;a=commit;h=f3aefc6d071b807ddacae0a0bc49f09c38e18490 http://git.php.net/?p=php-src.git;a=commit;h=a1631ac57b853edd81431e57c266ec813e180acd http://git.php.net/?p=php-src.git;a=commit;h=1c0d06441aefee18b30520e2b1ae89cbfcf56a59
Created php tracking bugs for this issue: Affects: fedora-all [bug 1702259]
Currently EXIF module from php packages doesn't validate properly the number of IFD entries. A crafted image may contain an invalid IFD count leading to heap buffer overflow and improper read of heap data on php_ifd_get32s() function.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11034
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1624 https://access.redhat.com/errata/RHSA-2020:1624