Bug 1702256 (CVE-2019-11034) - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()
Summary: CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-11034
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1702259 1706884 1706886 1706887 1706888 1706889
Blocks: 1702258
Reported: 2019-04-23 10:41 UTC by Dhananjay Arunesh
Modified: 2023-03-24 14:45 UTC

Fixed In Version: php 7.1.28, php 7.2.17, php 7.3.4
Last Closed: 2019-08-19 08:48:01 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3727 0 None None None 2019-11-06 10:12:41 UTC
Red Hat Product Errata RHSA-2019:2519 0 None None None 2019-08-19 08:43:00 UTC
Red Hat Product Errata RHSA-2019:3299 0 None None None 2019-11-01 13:01:00 UTC
Red Hat Product Errata RHSA-2020:1624 0 None None None 2020-04-28 15:31:56 UTC

Description Dhananjay Arunesh 2019-04-23 10:41:39 UTC
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Reference:
https://bugs.php.net/bug.php?id=77753

Upstream commit:
http://git.php.net/?p=php-src.git;a=commit;h=f3aefc6d071b807ddacae0a0bc49f09c38e18490
http://git.php.net/?p=php-src.git;a=commit;h=a1631ac57b853edd81431e57c266ec813e180acd
http://git.php.net/?p=php-src.git;a=commit;h=1c0d06441aefee18b30520e2b1ae89cbfcf56a59

Comment 1 Dhananjay Arunesh 2019-04-23 10:45:50 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1702259]

Comment 6 Marco Benatto 2019-05-06 14:49:26 UTC
Currently the EXIF module from php packages doesn't properly validate the number of IFD entries. A crafted image may contain an invalid IFD count, leading to a heap buffer overflow and an improper read of heap data in the php_ifd_get32s() function.
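
The kind of check comment 6 says is missing, as an added example that is not part of the bug report and is not PHP's code: the declared IFD entry count and each out-of-line value are checked against the buffer length before anything is read. The names `ifd_validate`, `sample_with_count` and `SAMPLE` are hypothetical, and the buffer is assumed to start at the TIFF header so that offsets index it directly.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bytes per component for TIFF/EXIF formats 1..12; index 0 is invalid. */
static const uint8_t FORMAT_SIZE[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static uint16_t rd16(const uint8_t *p, int be) {
    return be ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Returns the number of validated entries, or -1 if the IFD at ifd_off
 * (or any value it points to) does not fit inside buf[0..len). */
int ifd_validate(const uint8_t *buf, size_t len, size_t ifd_off, int be) {
    if (ifd_off > len || len - ifd_off < 2) return -1;
    size_t n = rd16(buf + ifd_off, be);
    /* Check the declared count against the bytes that actually remain. */
    if ((len - ifd_off - 2) / 12 < n) return -1;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd_off + 2 + i * 12;  /* 12-byte entry */
        uint16_t fmt = rd16(e + 2, be);
        uint32_t comps = rd32(e + 4, be);
        if (fmt < 1 || fmt > 12) return -1;
        uint64_t bytes = (uint64_t)comps * FORMAT_SIZE[fmt];
        if (bytes > 4) {               /* value is stored out of line */
            uint32_t off = rd32(e + 8, be);
            if (off > len || bytes > len - off) return -1;
        }
    }
    return (int)n;
}

/* Constructed sample: little-endian TIFF header, one IFD entry (tag 0x010F,
 * ASCII, 6 bytes at offset 26), next-IFD pointer, then the value "Canon\0". */
static const uint8_t SAMPLE[32] = {
    'I','I',0x2A,0,8,0,0,0,  1,0,  0x0F,0x01, 2,0, 6,0,0,0, 26,0,0,0,
    0,0,0,0,  'C','a','n','o','n',0 };

/* Validate a copy of SAMPLE whose entry count is replaced by `count`. */
int sample_with_count(uint16_t count) {
    uint8_t b[sizeof SAMPLE];
    memcpy(b, SAMPLE, sizeof b);
    b[8] = (uint8_t)(count & 0xFF);
    b[9] = (uint8_t)(count >> 8);
    return ifd_validate(b, sizeof b, 8, 0);
}
```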

Comment 7 errata-xmlrpc 2019-08-19 08:42:59 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519

Comment 8 Product Security DevOps Team 2019-08-19 08:48:01 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-11034

Comment 9 errata-xmlrpc 2019-11-01 13:00:59 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299

Comment 10 errata-xmlrpc 2020-04-28 15:31:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1624 https://access.redhat.com/errata/RHSA-2020:1624

