Bug 1573797 (CVE-2018-10549) - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
Summary: CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() wh...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-10549
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1578330 1563859 1573816 1578331
Blocks: 1574650 1573818
TreeView+ depends on / blocked
 
Reported: 2018-05-02 09:48 UTC by Adam Mariš
Modified: 2019-09-29 14:38 UTC (History)
12 users (show)

Fixed In Version: php 5.6.36, php 7.0.30, php 7.1.17, php 7.2.5
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash.
Clone Of:
Environment:
Last Closed: 2019-08-19 08:47:10 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2519 None None None 2019-08-19 08:42:26 UTC

Description Adam Mariš 2018-05-02 09:48:13 UTC
An issue was discovered in PHP before from 5.6.25 to 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

Upstream bug:

https://bugs.php.net/bug.php?id=76130

Upstream patch:

https://git.php.net/?p=php-src.git;a=commit;h=b4e4788c4461449b4587e19ef1f474ce938e4980

Comment 1 Adam Mariš 2018-05-02 10:04:40 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1573816]

Comment 8 errata-xmlrpc 2019-08-19 08:41:04 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519

Comment 9 Product Security DevOps Team 2019-08-19 08:47:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-10549


Note You need to log in before you can comment on or make changes to this bug.