PublicDateAtUSN: 2019-12-23 03:15:00 UTC
Candidate: CVE-2019-11047
PublicDate: 2019-12-23 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047
 http://git.php.net/?p=php-src.git;a=patch;h=d348cfb96f2543565691010ade5e0346338be5a7
 https://ubuntu.com/security/notices/USN-4239-1
Description:
 When PHP EXIF extension is parsing EXIF information from an image, e.g. via
 exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below
 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it
 to read past the allocated buffer. This may lead to information disclosure
 or crash.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.php.net/78910
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L [6.5 MEDIUM]

Patches_php5:
upstream_php5: needs-triage
precise/esm_php5: released (5.3.10-1ubuntu3.42)
trusty_php5: ignored (out of standard support)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.29+esm8)
xenial_php5: DNE
bionic_php5: DNE
disco_php5: DNE
eoan_php5: DNE
devel_php5: DNE

Patches_php7.0:
upstream_php7.0: needs-triage
precise/esm_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
xenial_php7.0: released (7.0.33-0ubuntu0.16.04.9)
esm-infra/xenial_php7.0: released (7.0.33-0ubuntu0.16.04.9)
bionic_php7.0: DNE
disco_php7.0: DNE
eoan_php7.0: DNE
devel_php7.0: DNE

Patches_php7.2:
upstream_php7.2: released (7.2.26)
precise/esm_php7.2: DNE
trusty_php7.2: DNE
trusty/esm_php7.2: DNE
xenial_php7.2: DNE
bionic_php7.2: released (7.2.24-0ubuntu0.18.04.2)
disco_php7.2: released (7.2.24-0ubuntu0.19.04.2)
eoan_php7.2: DNE
devel_php7.2: DNE

Patches_php7.3:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=d348cfb96f2543565691010ade5e0346338be5a7
upstream_php7.3: released (7.3.13)
precise/esm_php7.3: DNE
trusty_php7.3: DNE
trusty/esm_php7.3: DNE
xenial_php7.3: DNE
bionic_php7.3: DNE
disco_php7.3: DNE
eoan_php7.3: released (7.3.11-0ubuntu0.19.10.2)
devel_php7.3: released (7.3.11-0ubuntu1)