CVE-2018-14851 — Out-of-bounds Read in PHP

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

5.5MEDIUMNVD

OSV6.5

EPSS

0.4%

top 38.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Php5 PHP Canonical Ubuntu Linux +1 more

Timeline

PublishedAug 2

Latest updateJan 27

Description

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDphp/php7.0.0 — 7.0.31+3

▶Alpinephp5/php5< 5.6.37-r0

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.26

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

Patch: bugs.php.net ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-f8q9-j8w7-gmcr: exif_process_IFD_in_MAKERNOTE in ext/exif/exif↗2022-05-14

▶

OSV

php5, php7.0, php7.2 vulnerabilities↗2018-09-18

▶

OSV

CVE-2018-14851: exif_process_IFD_in_MAKERNOTE in ext/exif/exif↗2018-08-02

▶

📋Vendor Advisories

CISA ICS

Festo Didactic SE MES PC↗2026-01-27

▶

Ubuntu

PHP vulnerabilities↗2018-09-19

▶

Ubuntu

PHP vulnerabilities↗2018-09-18

▶

Red Hat

php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()↗2018-06-07

▶

💬Community

Bugzilla

CVE-2018-14851 php: exif: buffer over-read in exif_process_IFD_in_MAKERNOTE() [fedora-all]↗2018-07-31

▶

Bugzilla

CVE-2018-14851 php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()↗2018-07-30

▶