Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1609642 - (CVE-2018-14851) CVE-2018-14851 php: exif: buffer over-read in exif_process_IFD_in_MAKERNOTE()
CVE-2018-14851 php: exif: buffer over-read in exif_process_IFD_in_MAKERNOTE()
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20180607,reported=2...
: Security
Depends On: 1610186 1610187 1611758 1611759 1611760
Blocks: 1609640
  Show dependency treegraph
 
Reported: 2018-07-30 01:36 EDT by Sam Fowler
Modified: 2018-10-25 11:41 EDT (History)
7 users (show)

See Also:
Fixed In Version: php 5.6.37, php 7.0.31, php 7.1.20, php 7.2.8
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Sam Fowler 2018-07-30 01:36:59 EDT 
PHP before versions 5.6.37, 7.0.31, 7.1.20 and 7.2.8 is vulnerable to a heap-based buffer overflow in the exif.c:exif_process_IFD_in_MAKERNOTE() function. An attacker could exploit this to cause a denial of service via crafted file.


Upstream Bug:

https://bugs.php.net/bug.php?id=76557


Upstream Patch:

http://git.php.net/?p=php-src.git;a=commit;h=3462efa386f26d343062094514af604c29e3edce
Comment 2 Sam Fowler 2018-07-31 03:14:57 EDT 
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1610186]
Comment 4 Tomas Hoger 2018-08-02 12:30:31 EDT 
This is an out-of-bounds read issue, that can possibly lead to crash or limited memory disclosure.
Comment 5 Tomas Hoger 2018-08-02 12:33:46 EDT 
For deployments that do not require the use of Exif extension, you can consult bug 1609637 comment 6 for tips on how to prevent accidental use.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.