1573797 – (CVE-2018-10549) CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

Bug 1573797 (CVE-2018-10549) - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

Summary: CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() wh...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-10549
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	Engineering1563859 1573816 Engineering1578330 Engineering1578331
Blocks:	Embargoed1573818 Engineering1574650
TreeView+	depends on / blocked

Reported:	2018-05-02 09:48 UTC by Adam Mariš
Modified:	2021-12-10 16:04 UTC (History)
CC List:	12 users (show)
Fixed In Version:	php 5.6.36, php 7.0.30, php 7.1.17, php 7.2.5
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash.
Clone Of:
Environment:
Last Closed:	2019-08-19 08:47:10 UTC

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:2519	0	None	None	None	2019-08-19 08:42:26 UTC

Description Adam Mariš 2018-05-02 09:48:13 UTC

An issue was discovered in PHP before from 5.6.25 to 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

Upstream bug:

https://bugs.php.net/bug.php?id=76130

Upstream patch:

https://git.php.net/?p=php-src.git;a=commit;h=b4e4788c4461449b4587e19ef1f474ce938e4980

Comment 1 Adam Mariš 2018-05-02 10:04:40 UTC

Created php tracking bugs for this issue:

Affects: fedora-all [bug 1573816]

Comment 8 errata-xmlrpc 2019-08-19 08:41:04 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519

Comment 9 Product Security DevOps Team 2019-08-19 08:47:10 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-10549

Note You need to log in before you can comment on or make changes to this bug.