Bug 1154502 (CVE-2014-3670) - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
Summary: CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3670
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1154638 1154639 1155019 1155020 1155021 1155022 1155023 1155024 1170148
Blocks: 1149858 1154506
Reported: 2014-10-20 04:18 UTC by Murray McAllister
Modified: 2019-09-29 13:23 UTC

Fixed In Version: php 5.4.34, php 5.5.18, php 5.6.2
Doc Type: Bug Fix
Doc Text:
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
Clone Of:
Environment:
Last Closed: 2014-11-06 17:59:16 UTC
Embargoed:


Links
System                  ID              Private  Priority  Status        Summary                               Last Updated
PHP Bug Tracker         68113           0        None      None          None                                  Never
Red Hat Product Errata  RHSA-2014:1765  0        normal    SHIPPED_LIVE  Important: php54-php security update  2014-10-30 23:45:24 UTC
Red Hat Product Errata  RHSA-2014:1766  0        normal    SHIPPED_LIVE  Important: php55-php security update  2014-10-30 23:45:12 UTC
Red Hat Product Errata  RHSA-2014:1767  0        normal    SHIPPED_LIVE  Important: php security update        2014-10-31 00:16:02 UTC
Red Hat Product Errata  RHSA-2014:1768  0        normal    SHIPPED_LIVE  Important: php53 security update      2014-10-30 23:44:46 UTC
Red Hat Product Errata  RHSA-2014:1824  0        normal    SHIPPED_LIVE  Important: php security update        2014-11-06 21:59:32 UTC
Red Hat Product Errata  RHSA-2015:0021  0        normal    SHIPPED_LIVE  Important: php security update        2015-01-08 23:15:58 UTC

Description Murray McAllister 2014-10-20 04:18:44 UTC
A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code.

This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.

References:
http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b
https://bugs.php.net/bug.php?id=68113
http://php.net/ChangeLog-5.php

Comment 7 Martin Prpič 2014-10-30 11:12:14 UTC
IssueDescription:

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.

Comment 8 errata-xmlrpc 2014-10-30 19:45:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1768 https://rhn.redhat.com/errata/RHSA-2014-1768.html

Comment 9 errata-xmlrpc 2014-10-30 19:47:03 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html

Comment 10 errata-xmlrpc 2014-10-30 19:49:34 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html

Comment 11 errata-xmlrpc 2014-10-30 20:16:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1767 https://rhn.redhat.com/errata/RHSA-2014-1767.html

Comment 12 errata-xmlrpc 2014-11-06 17:01:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1824 https://rhn.redhat.com/errata/RHSA-2014-1824.html

Comment 14 errata-xmlrpc 2015-01-08 18:17:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only

Via RHSA-2015:0021 https://rhn.redhat.com/errata/RHSA-2015-0021.html