Bug 1154502 (CVE-2014-3670)

Summary: CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: blharris, chazlett, fedora, fkrska, jorton, mmaslano, rcollet, sebastian.leitz, vdanen, webstack-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: php 5.4.34, php 5.5.18, php 5.6.2 Doc Type: Bug Fix
Doc Text:
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-06 17:59:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1154638, 1154639, 1155019, 1155020, 1155021, 1155022, 1155023, 1155024, 1170148    
Bug Blocks: 1149858, 1154506    

Description Murray McAllister 2014-10-20 04:18:44 UTC
A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code.

This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.

References:
http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b
https://bugs.php.net/bug.php?id=68113
http://php.net/ChangeLog-5.php

Comment 7 Martin Prpič 2014-10-30 11:12:14 UTC
IssueDescription:

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.

Comment 8 errata-xmlrpc 2014-10-30 19:45:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1768 https://rhn.redhat.com/errata/RHSA-2014-1768.html

Comment 9 errata-xmlrpc 2014-10-30 19:47:03 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html

Comment 10 errata-xmlrpc 2014-10-30 19:49:34 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html

Comment 11 errata-xmlrpc 2014-10-30 20:16:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1767 https://rhn.redhat.com/errata/RHSA-2014-1767.html

Comment 12 errata-xmlrpc 2014-11-06 17:01:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1824 https://rhn.redhat.com/errata/RHSA-2014-1824.html

Comment 14 errata-xmlrpc 2015-01-08 18:17:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only

Via RHSA-2015:0021 https://rhn.redhat.com/errata/RHSA-2015-0021.html