CVE-2019-9640

Published: 08 March 2019

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.5.9+dfsg-1ubuntu4.29)
php7.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus)
Released (7.0.33-0ubuntu0.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

php7.2
Launchpad, Ubuntu, Debian
Upstream
Released (7.2.16)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (7.2.15-0ubuntu0.18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=30d2b94a2e88021b77b07149e1f4438662ca8e5e
php7.3
Launchpad, Ubuntu, Debian
Upstream
Released (7.3.3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist