CVE-2019-9641

Published: 08 March 2019

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.5.9+dfsg-1ubuntu4.29)
php7.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus)
Released (7.0.33-0ubuntu0.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

php7.2
Launchpad, Ubuntu, Debian
Upstream
Released (7.2.16)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (7.2.15-0ubuntu0.18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=5e824a88d073d282c4f358f186cb87ddc284f83d
php7.3
Launchpad, Ubuntu, Debian
Upstream
Released (7.3.3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist