CVE-2018-14883 — Out-of-bounds Read in PHP

CWE-125 — Out-of-bounds Read CWE-190 — Integer Overflow or Wraparound12 documents9 sources

Severity

7.5HIGHNVD

OSV6.5

EPSS

20.3%

top 4.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Php5 PHP Canonical Ubuntu Linux +1 more

Timeline

PublishedAug 3

Latest updateJan 27

Description

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDphp/php7.0.0 — 7.0.31+3

▶Alpinephp5/php5< 5.6.37-r0

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.26

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

Patch: bugs.php.net ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-42jg-f4qq-3gvm: An issue was discovered in PHP before 5↗2022-05-13

▶

OSV

php5, php7.0, php7.2 vulnerabilities↗2018-09-18

▶

OSV

CVE-2018-14883: An issue was discovered in PHP before 5↗2018-08-03

▶

📋Vendor Advisories

CISA ICS

Festo Didactic SE MES PC↗2026-01-27

▶

Ubuntu

PHP vulnerabilities↗2018-09-19

▶

Ubuntu

PHP vulnerabilities↗2018-09-18

▶

Red Hat

php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract()↗2018-06-07

▶

📄Research Papers

arXiv

Beyond Tag Collision: Cluster-based Memory Management for Tag-based Sanitizers↗2025-09-11

▶

arXiv

PACSan: Enforcing Memory Safety Based on ARM PA↗2022-02-08

▶

💬Community

Bugzilla

CVE-2018-14883 php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract()↗2018-07-30

▶