ID CVE-2018-14851
Summary exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
References
Vulnerable Configurations
  • PHP 5.6.36
    cpe:2.3:a:php:php:5.6.36
  • PHP 7.0.0
    cpe:2.3:a:php:php:7.0.0
  • PHP 7.0.1
    cpe:2.3:a:php:php:7.0.1
  • PHP 7.0.2
    cpe:2.3:a:php:php:7.0.2
  • PHP 7.0.3
    cpe:2.3:a:php:php:7.0.3
  • PHP 7.0.4
    cpe:2.3:a:php:php:7.0.4
  • PHP 7.0.5
    cpe:2.3:a:php:php:7.0.5
  • PHP 7.0.6
    cpe:2.3:a:php:php:7.0.6
  • PHP 7.0.7
    cpe:2.3:a:php:php:7.0.7
  • PHP 7.0.8
    cpe:2.3:a:php:php:7.0.8
  • PHP 7.0.9
    cpe:2.3:a:php:php:7.0.9
  • PHP 7.0.10
    cpe:2.3:a:php:php:7.0.10
  • PHP 7.0.11
    cpe:2.3:a:php:php:7.0.11
  • PHP 7.0.12
    cpe:2.3:a:php:php:7.0.12
  • PHP 7.0.13
    cpe:2.3:a:php:php:7.0.13
  • PHP 7.0.14
    cpe:2.3:a:php:php:7.0.14
  • PHP 7.0.15
    cpe:2.3:a:php:php:7.0.15
  • PHP 7.0.16
    cpe:2.3:a:php:php:7.0.16
  • PHP 7.0.17
    cpe:2.3:a:php:php:7.0.17
  • PHP 7.0.18
    cpe:2.3:a:php:php:7.0.18
  • PHP 7.0.19
    cpe:2.3:a:php:php:7.0.19
  • PHP 7.0.20
    cpe:2.3:a:php:php:7.0.20
  • PHP 7.0.21
    cpe:2.3:a:php:php:7.0.21
  • PHP 7.0.22
    cpe:2.3:a:php:php:7.0.22
  • PHP 7.0.23
    cpe:2.3:a:php:php:7.0.23
  • PHP 7.0.24
    cpe:2.3:a:php:php:7.0.24
  • PHP 7.0.25
    cpe:2.3:a:php:php:7.0.25
  • PHP 7.0.26
    cpe:2.3:a:php:php:7.0.26
  • PHP 7.0.27
    cpe:2.3:a:php:php:7.0.27
  • PHP 7.0.28
    cpe:2.3:a:php:php:7.0.28
  • PHP 7.0.29
    cpe:2.3:a:php:php:7.0.29
  • PHP 7.0.30
    cpe:2.3:a:php:php:7.0.30
  • PHP 7.1.0
    cpe:2.3:a:php:php:7.1.0
  • PHP 7.1.1
    cpe:2.3:a:php:php:7.1.1
  • PHP 7.1.2
    cpe:2.3:a:php:php:7.1.2
  • PHP 7.1.3
    cpe:2.3:a:php:php:7.1.3
  • PHP 7.1.4
    cpe:2.3:a:php:php:7.1.4
  • PHP 7.1.5
    cpe:2.3:a:php:php:7.1.5
  • PHP 7.1.6
    cpe:2.3:a:php:php:7.1.6
  • PHP 7.1.7
    cpe:2.3:a:php:php:7.1.7
  • PHP 7.1.8
    cpe:2.3:a:php:php:7.1.8
  • PHP 7.1.9
    cpe:2.3:a:php:php:7.1.9
  • PHP 7.1.10
    cpe:2.3:a:php:php:7.1.10
  • PHP 7.1.11
    cpe:2.3:a:php:php:7.1.11
  • PHP 7.1.12
    cpe:2.3:a:php:php:7.1.12
  • PHP 7.1.13
    cpe:2.3:a:php:php:7.1.13
  • PHP 7.1.14
    cpe:2.3:a:php:php:7.1.14
  • PHP 7.1.15
    cpe:2.3:a:php:php:7.1.15
  • PHP 7.1.16
    cpe:2.3:a:php:php:7.1.16
  • PHP 7.1.17
    cpe:2.3:a:php:php:7.1.17
  • PHP 7.1.18
    cpe:2.3:a:php:php:7.1.18
  • PHP 7.1.19
    cpe:2.3:a:php:php:7.1.19
  • PHP 7.2.0
    cpe:2.3:a:php:php:7.2.0
  • PHP 7.2.1
    cpe:2.3:a:php:php:7.2.1
  • PHP 7.2.2
    cpe:2.3:a:php:php:7.2.2
  • PHP 7.2.3
    cpe:2.3:a:php:php:7.2.3
  • PHP 7.2.4
    cpe:2.3:a:php:php:7.2.4
  • PHP 7.2.5
    cpe:2.3:a:php:php:7.2.5
  • PHP 7.2.6
    cpe:2.3:a:php:php:7.2.6
  • PHP 7.2.7
    cpe:2.3:a:php:php:7.2.7
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • cpe:2.3:a:netapp:storage_automation_store
    cpe:2.3:a:netapp:storage_automation_store
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Misc.
    NASL id SECURITYCENTER_5_7_1_TNS_2018_12.NASL
    description According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 117672
    published 2018-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117672
    title Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)
  • NASL family CGI abuses
    NASL id PHP_7_1_20.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 111231
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111231
    title PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2333-1.NASL
    description This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120078
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120078
    title SUSE SLES12 Security Update : php7 (SUSE-SU-2018:2333-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1066.NASL
    description exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
    last seen 2019-02-21
    modified 2018-10-04
    plugin id 112093
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112093
    title Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1490.NASL
    description Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read. Additionally, a previously introduced patch for CVE-2017-7272 was found to negatively affect existing PHP applications (#890266). As a result of the negative effects and the fact that the security team has marked the CVE in question as 'ignore,' the patch has been dropped. For Debian 8 'Jessie', these problems have been fixed in version 5.6.37+dfsg-0+deb8u1. We recommend that you upgrade your php5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-04
    plugin id 112229
    published 2018-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112229
    title Debian DLA-1490-1 : php5 security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-892.NASL
    description This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 112001
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112001
    title openSUSE Security Update : php7 (openSUSE-2018-892)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2337-1.NASL
    description This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120079
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120079
    title SUSE SLES15 Security Update : php7 (SUSE-SU-2018:2337-1)
  • NASL family CGI abuses
    NASL id PHP_7_2_8.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen 2019-02-21
    modified 2018-09-20
    plugin id 111216
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111216
    title PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3766-1.NASL
    description It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 117539
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117539
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : php5, php7.0, php7.2 vulnerabilities (USN-3766-1)
  • NASL family CGI abuses
    NASL id PHP_7_0_31.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen 2019-02-21
    modified 2018-09-20
    plugin id 111215
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111215
    title PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-998.NASL
    description This update for php5 fixes the following issues : The following security issues were fixed : - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-09-13
    plugin id 117477
    published 2018-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117477
    title openSUSE Security Update : php5 (openSUSE-2018-998)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1067.NASL
    description exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.(CVE-2018-12882) An issue was discovered in PHP 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 112094
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112094
    title Amazon Linux AMI : php72 (ALAS-2018-1067)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2682-1.NASL
    description This update for php5 fixes the following issues : The following security issues were fixed : CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120095
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120095
    title SUSE SLES12 Security Update : php5 (SUSE-SU-2018:2682-1)
  • NASL family CGI abuses
    NASL id PHP_5_6_37_MULTIPLE.NASL
    description This plugin has been deprecated due to prior coverage
    last seen 2018-10-04
    modified 2018-09-20
    plugin id 117340
    published 2018-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117340
    title PHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4353.NASL
    description Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a 'Transfer-Encoding: chunked' request and the IMAP extension performed insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.
    last seen 2019-02-21
    modified 2019-02-05
    plugin id 119561
    published 2018-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119561
    title Debian DSA-4353-1 : php7.0 - security update
  • NASL family CGI abuses
    NASL id PHP_5_6_37.NASL
    description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37. It is, therefore, affected by a denial of service vulnerability.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 111230
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111230
    title PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2681-1.NASL
    description This update for php53 fixes the following issues : The following security issues were fixed : CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-14883: Fixed an integer overflow leading to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 117449
    published 2018-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117449
    title SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2681-1)
refmap via4
bid 104871
confirm
debian DSA-4353
misc
mlist [debian-lts-announce] 20180901 [SECURITY] [DLA 1490-1] php5 security update
ubuntu
  • USN-3766-1
  • USN-3766-2
Last major update 02-08-2018 - 15:29
Published 02-08-2018 - 15:29
Last modified 05-03-2019 - 13:31
Back to Top