PublicDateAtUSN: 2019-12-23 03:15:00 UTC
Candidate: CVE-2019-11050
PublicDate: 2019-12-23 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050
 http://git.php.net/?p=php-src.git;a=patch;h=1b3b4a0d367b6f0b67e9f73d82f53db6c6b722b2
 https://ubuntu.com/security/notices/USN-4239-1
Description:
 When PHP EXIF extension is parsing EXIF information from an image, e.g. via
 exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below
 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it
 to read past the allocated buffer. This may lead to information disclosure
 or crash.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.php.net/78793
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L [6.5 MEDIUM]

Patches_php5:
upstream_php5: needs-triage
precise/esm_php5: released (5.3.10-1ubuntu3.42)
trusty_php5: ignored (out of standard support)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.29+esm8)
xenial_php5: DNE
bionic_php5: DNE
disco_php5: DNE
eoan_php5: DNE
devel_php5: DNE

Patches_php7.0:
upstream_php7.0: needs-triage
precise/esm_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
xenial_php7.0: released (7.0.33-0ubuntu0.16.04.9)
esm-infra/xenial_php7.0: released (7.0.33-0ubuntu0.16.04.9)
bionic_php7.0: DNE
disco_php7.0: DNE
eoan_php7.0: DNE
devel_php7.0: DNE

Patches_php7.2:
upstream_php7.2: released (7.2.26)
precise/esm_php7.2: DNE
trusty_php7.2: DNE
trusty/esm_php7.2: DNE
xenial_php7.2: DNE
bionic_php7.2: released (7.2.24-0ubuntu0.18.04.2)
disco_php7.2: released (7.2.24-0ubuntu0.19.04.2)
eoan_php7.2: DNE
devel_php7.2: DNE

Patches_php7.3:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=c14eb8de974fc8a4d74f3515424c293bc7a40fba
upstream_php7.3: released (7.3.13)
precise/esm_php7.3: DNE
trusty_php7.3: DNE
trusty/esm_php7.3: DNE
xenial_php7.3: DNE
bionic_php7.3: DNE
disco_php7.3: DNE
eoan_php7.3: released (7.3.11-0ubuntu0.19.10.2)
devel_php7.3: released (7.3.11-0ubuntu1)