CVE-2019-9639 in Ubuntu

CVE-2019-9639

Priority

Description

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x
before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in
exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9639
https://www.debian.org/security/2019/dsa-4403
https://ubuntu.com/security/notices/USN-3922-1
https://ubuntu.com/security/notices/USN-3922-2
https://ubuntu.com/security/notices/USN-3922-3

Bugs

https://bugs.php.net/bug.php?id=77659

Assigned-to

leosilva

Notes

mdeslaur

same patch as CVE-2019-9638

Package

Source: php5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (5.5.9+dfsg-1ubuntu4.29)

Patches:

Package

Source: php7.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (7.0.33-0ubuntu0.16.04.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: php7.2 (LP Ubuntu Debian)

Upstream:	released (7.2.16)
Ubuntu 18.04 LTS:	released (7.2.15-0ubuntu0.18.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

http://git.php.net/?p=php-src.git;a=commit;h=b82437eeddadf6a3a8c0f492acb6861682cd4d93

Package

Source: php7.3 (LP Ubuntu Debian)

Upstream:	released (7.3.3)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 14:01:33 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)