Vulnerability CVE-2018-10549


Published: 2018-04-29

Description:
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: PHP
Product: PHP 
Version:
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.1.9
7.1.8
7.1.7
7.1.6
7.1.5
7.1.4
7.1.3
7.1.2
7.1.16
7.1.15
7.1.14
7.1.13
7.1.12
7.1.11
7.1.10
7.1.1
7.1.0
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.29
7.0.28
7.0.27
7.0.26
7.0.25
7.0.24
7.0.23
7.0.22
7.0.21
7.0.20
7.0.2
7.0.19
7.0.18
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.1
7.0.0
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.34
5.6.33
5.6.32
5.6.31
5.6.30
5.6.3
5.6.29
5.6.28
5.6.27
5.6.26
5.6.25
5.6.24
5.6.23
5.6.22
5.6.21
5.6.20
5.6.2
5.6.19
5.6.18
5.6.17
5.6.16
5.6.15
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.1
5.6.0
5.5.9
5.5.8
5.5.7
5.5.6
5.5.5
5.5.4
5.5.38
5.5.37
5.5.36
5.5.35
5.5.34
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/104019
http://www.securitytracker.com/id/1040807
https://bugs.php.net/bug.php?id=76130
https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
https://security.gentoo.org/glsa/201812-01
https://security.netapp.com/advisory/ntap-20180607-0003/
https://usn.ubuntu.com/3646-1/
https://www.debian.org/security/2018/dsa-4240
https://www.synology.com/support/security/Synology_SA_18_20
https://www.tenable.com/security/tns-2018-12

Related CVE
CVE-2019-11040
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past ...
CVE-2019-11039
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
CVE-2019-11038
When using gdImageCreateFromXbm() function of PHP gd extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This m...
CVE-2019-11037
In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if...
CVE-2019-11036
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11035
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-11034
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-9675
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archi...

Copyright 2019, cxsecurity.com

 

Back to Top