Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-10549

Опубликовано: 26 апр. 2018
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Enterprise Linux 8phpNot affected
Red Hat Software Collectionsrh-php70-phpFix deferred
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1573797php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

EPSS

Процентиль: 89%
0.04541
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-10549

CVSS3: 8.8
ubuntu
около 7 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

nvd логотип

CVE-2018-10549

CVSS3: 8.8
nvd
около 7 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

debian логотип

CVE-2018-10549

CVSS3: 8.8
debian
около 7 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...

github логотип

GHSA-89g9-q2qh-fmrm

CVSS3: 8.8
github
около 3 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

fstec логотип

BDU:2019-04236

CVSS3: 8.8
fstec
около 7 лет назад

Уязвимость функции exif_read_data (ext/exif/exif.c) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 89%
0.04541
Низкий

3.7 Low

CVSS3