Bug 1609642 (CVE-2018-14851)

Summary: CVE-2018-14851 php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: andreas.maus, fedora, hhorak, jorton, rcollet, webstack-team, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: php 5.6.37, php 7.0.31, php 7.1.20, php 7.2.8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-19 08:47:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1610186, 1610187, 1611758, 1611759, 1611760    
Bug Blocks: 1609640    

Description Sam Fowler 2018-07-30 05:36:59 UTC 
PHP before versions 5.6.37, 7.0.31, 7.1.20 and 7.2.8 is vulnerable to a heap-based buffer overflow in the exif.c:exif_process_IFD_in_MAKERNOTE() function. An attacker could exploit this to cause a denial of service via crafted file.


Upstream Bug:

https://bugs.php.net/bug.php?id=76557


Upstream Patch:

http://git.php.net/?p=php-src.git;a=commit;h=3462efa386f26d343062094514af604c29e3edce
Comment 2 Sam Fowler 2018-07-31 07:14:57 UTC 
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1610186]
Comment 4 Tomas Hoger 2018-08-02 16:30:31 UTC 
This is an out-of-bounds read issue, that can possibly lead to crash or limited memory disclosure.
Comment 5 Tomas Hoger 2018-08-02 16:33:46 UTC 
For deployments that do not require the use of Exif extension, you can consult bug 1609637 comment 6 for tips on how to prevent accidental use.
Comment 8 errata-xmlrpc 2019-08-19 08:42:29 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
Comment 9 Product Security DevOps Team 2019-08-19 08:47:21 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-14851