Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-14851
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-02 Aug, 2018 | 19:29
Updated At-19 Aug, 2019 | 11:15

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
The PHP Group
php
>>php>>Versions up to 5.6.36(inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>Versions from 7.0.0(inclusive) to 7.0.31(exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>Versions from 7.1.0(inclusive) to 7.1.20(exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>Versions from 7.2.0(inclusive) to 7.2.8(exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>storage_automation_store>>-
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://php.net/ChangeLog-5.phpcve@mitre.org
Release Notes
Vendor Advisory
http://php.net/ChangeLog-7.phpcve@mitre.org
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/104871cve@mitre.org
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:2519cve@mitre.org
N/A
https://bugs.php.net/bug.php?id=76557cve@mitre.org
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00000.htmlcve@mitre.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181107-0003/cve@mitre.org
Third Party Advisory
https://usn.ubuntu.com/3766-1/cve@mitre.org
Third Party Advisory
https://usn.ubuntu.com/3766-2/cve@mitre.org
Third Party Advisory
https://www.debian.org/security/2018/dsa-4353cve@mitre.org
Third Party Advisory
https://www.tenable.com/security/tns-2018-12cve@mitre.org
Third Party Advisory
Change History
0Changes found
Details not found