Bug 1702256 (CVE-2019-11034) - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()
Summary: CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-11034
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1706886 1702259 1706884 1706887 1706888 1706889
Blocks: 1702258
Reported: 2019-04-23 10:41 UTC by Dhananjay Arunesh
Modified: 2019-11-14 11:56 UTC

Fixed In Version: php 7.1.28, php 7.2.17, php 7.3.4
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-19 08:48:01 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3727 None None None 2019-11-06 10:12:41 UTC
Red Hat Product Errata RHSA-2019:2519 None None None 2019-08-19 08:43:00 UTC
Red Hat Product Errata RHSA-2019:3299 None None None 2019-11-01 13:01:00 UTC

Description Dhananjay Arunesh 2019-04-23 10:41:39 UTC
When processing certain files, the PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past the allocated buffer in the exif_process_IFD_TAG function. This may lead to information disclosure or a crash.

Reference:
https://bugs.php.net/bug.php?id=77753

Upstream commit:
http://git.php.net/?p=php-src.git;a=commit;h=f3aefc6d071b807ddacae0a0bc49f09c38e18490
http://git.php.net/?p=php-src.git;a=commit;h=a1631ac57b853edd81431e57c266ec813e180acd
http://git.php.net/?p=php-src.git;a=commit;h=1c0d06441aefee18b30520e2b1ae89cbfcf56a59

Comment 1 Dhananjay Arunesh 2019-04-23 10:45:50 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1702259]

Comment 6 Marco Benatto 2019-05-06 14:49:26 UTC
Currently, the EXIF module from the php packages doesn't properly validate the number of IFD entries. A crafted image may contain an invalid IFD count, leading to a heap buffer overflow and improper read of heap data in the php_ifd_get32s() function.
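
Added example (not part of the bug report, and not PHP's code or the upstream fix): a minimal C sketch of the check Comment 6 describes as missing, validating the declared IFD entry count against the bytes actually present before any entry is read. The function name ifd_read_values, the big-endian byte order and the sample buffers are assumptions made for illustration; the 2-byte count followed by 12-byte entries is the standard TIFF/EXIF IFD layout.

```c
#include <stddef.h>
#include <stdint.h>

#define IFD_ENTRY_SIZE 12u /* tag(2) + type(2) + count(4) + value/offset(4) */

/* Big-endian ("MM") readers; callers must have bounds-checked p first. */
static uint16_t get16u(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int32_t get32s(const uint8_t *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Hypothetical helper: copy each entry's 4-byte value field into out[].
 * Returns the number of entries read, or -1 if the declared IFD does not fit. */
int ifd_read_values(const uint8_t *buf, size_t len, size_t ifd_off,
                    int32_t *out, size_t out_max)
{
    if (ifd_off > len || len - ifd_off < 2)
        return -1;                      /* no room for the 2-byte entry count */
    size_t n = get16u(buf + ifd_off);
    if (n > (len - ifd_off - 2) / IFD_ENTRY_SIZE || n > out_max)
        return -1;                      /* declared count exceeds bytes present */
    for (size_t i = 0; i < n; i++)
        out[i] = get32s(buf + ifd_off + 2 + i * IFD_ENTRY_SIZE + 8);
    return (int)n;
}

/* Constructed sample: 2 entries declared, 2 present. */
static const uint8_t ifd_ok[] = {
    0x00, 0x02,
    0x01, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x80,
    0x01, 0x01, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFE,
};
/* Constructed sample: 0xFFFF entries declared, only 1 present. */
static const uint8_t ifd_bad[] = {
    0xFF, 0xFF,
    0x01, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x80,
};

int main(void) {
    int32_t v[8];
    int ok = ifd_read_values(ifd_ok, sizeof ifd_ok, 0, v, 8);    /* well-formed */
    int bad = ifd_read_values(ifd_bad, sizeof ifd_bad, 0, v, 8); /* rejected */
    return (ok == 2 && bad == -1) ? 0 : 1;
}
```

The division in the count check avoids computing n * 12, so the comparison cannot wrap even if the count field were wider than 16 bits.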

Comment 7 errata-xmlrpc 2019-08-19 08:42:59 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519

Comment 8 Product Security DevOps Team 2019-08-19 08:48:01 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-11034

Comment 9 errata-xmlrpc 2019-11-01 13:00:59 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299

