Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-14883

Published: 03/08/2018 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Php

Vulnerability Summary

An issue exists in PHP prior to 5.6.37, 7.0.x prior to 7.0.31, 7.1.x prior to 7.1.20, and 7.2.x prior to 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

canonical ubuntu linux 18.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

debian debian linux 8.0

debian debian linux 9.0

netapp storage automation store -

Vendor Advisories

Ubuntu Security Notice: php5 vulnerabilities
Several security issues were fixed in PHP ...
Ubuntu Security Notice: php5, php7.0, php7.2 vulnerabilities
Several security issues were fixed in PHP ...
Debian Security Advisories: DSA-4353-1 php7.0 -- security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request and the IMAP extension performed in ...
Amazon Linux AMI: ALAS-2018-1067
exif_process_IFD_in_MAKERNOTE in ext/exif/exifc in PHP 72x before 728 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file(CVE-2018-14851) exif_read_from_impl in ext/exif/exifc in PHP 72x through 727 allows attackers to trigger a use-after-free (in exif_read_from_file) be ...
Amazon Linux AMI: ALAS-2018-1066
exif_process_IFD_in_MAKERNOTE in ext/exif/exifc in PHP before 5637, 70x before 7031, and 71x before 7120, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file(CVE-2018-14851) An issue was discovered in PHP before 5637, 70x before 7031, and 71x before 7120 An I ...
Tenable Security Advisories: [R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address ...

References

CWE-125CWE-190https://bugs.php.net/bug.php?id=76423http://php.net/ChangeLog-7.phphttp://php.net/ChangeLog-5.phphttps://lists.debian.org/debian-lts-announce/2018/09/msg00000.htmlhttps://usn.ubuntu.com/3766-1/https://www.tenable.com/security/tns-2018-12https://usn.ubuntu.com/3766-2/http://www.securityfocus.com/bid/104871https://security.netapp.com/advisory/ntap-20181107-0003/https://www.debian.org/security/2018/dsa-4353https://usn.ubuntu.com/3766-2/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook