First published: Thu Jun 07 2018(Updated: )
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-php71-php | <0:7.1.30-1.el7 | 0:7.1.30-1.el7 |
PHP PHP | <=5.6.36 | |
PHP PHP | >=7.0.0<7.0.31 | |
PHP PHP | >=7.1.0<7.1.20 | |
PHP PHP | >=7.2.0<7.2.8 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Netapp Storage Automation Store | ||
PHP PHP | <7.0.31 | 7.0.31 |
redhat/php | <5.6.37 | 5.6.37 |
redhat/php | <7.0.31 | 7.0.31 |
redhat/php | <7.1.20 | 7.1.20 |
redhat/php | <7.2.8 | 7.2.8 |
debian/php5 | ||
debian/php7.0 | ||
debian/php7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this bug is CVE-2018-14851.
The severity of CVE-2018-14851 is medium with a severity value of 5.9.
PHP versions before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 are affected by CVE-2018-14851.
A remote attacker can exploit CVE-2018-14851 by sending a crafted JPEG file, which can cause a denial of service by triggering an out-of-bounds read and application crash.
You can find more information about CVE-2018-14851 at the following references: [1] [2] [3]