CVE-2018-14851

Published: Aug 2, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

Affected (11)

Products: Php: Php · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Php: Php · Canonical: Ubuntu Linux · Debian: Debian Linux · Netapp: Storage Automation Store

1 product

1 product

1 product

1 product

Storage Automation Store

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Php Php	Up to 5.6.36
Php Php	From 7.0.0 to 7.0.31
Php Php	From 7.1.0 to 7.1.20
Php Php	From 7.2.0 to 7.2.8

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Storage Automation Store	All versions

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (22)

http://php.net/ChangeLog-5.php

Source: cve@mitre.org

Release NotesVendor Advisory

http://php.net/ChangeLog-7.php

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.securityfocus.com/bid/104871

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2519

Source: cve@mitre.org

https://bugs.php.net/bug.php?id=76557

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20181107-0003/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3766-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3766-2/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4353

Source: cve@mitre.org

Third Party Advisory

https://www.tenable.com/security/tns-2018-12

Source: cve@mitre.org

Third Party Advisory

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://php.net/ChangeLog-7.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.securityfocus.com/bid/104871

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2519

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=76557

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20181107-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3766-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3766-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4353

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.tenable.com/security/tns-2018-12

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.