CVE-2018-10549

Published: 29/04/2018 Updated: 19/08/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in PHP prior to 5.6.36, 7.0.x prior to 7.0.30, 7.1.x prior to 7.1.17, and 7.2.x prior to 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

Vulnerable Product

php php

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 17.10

debian debian linux 8.0

debian debian linux 9.0

netapp storage automation store -

Vendor Advisories

Synopsis: Moderate: rh-php71-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584: Buffer underread in parsing HTTP responses. CVE-2018-10545: Dumpable FPM child processes allowed the bypass of opcache access controls. CVE-2018-10546: Denial of service via infinite loop in convert.iconv stream filter ...
Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker. An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer d ...
An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash ...
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address ...

Github Repositories

Shodan Cheat Sheet --------------------------------- < Shodan Search> ----------------------------------- ----------------- < popular fields > ------- ------------------------- < boolians > ----------------------- | ip_str :show ips | | has_screenshot:true :devices that has screenshots | | por