Launchpad CVE tracker

CVE 2018-14851

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

Related bugs and status

CVE-2018-14851 (Candidate) is related to these bugs:

Bug #1792987: [MRE] Please update to latest upstream release 7.0.32 / 7.2.10

Summary				In	Importance	Status
	1792987	[MRE] Please update to latest upstream release 7.0.32 / 7.2.10		php7.0 (Ubuntu)	Undecided	Fix Released
	1792987	[MRE] Please update to latest upstream release 7.0.32 / 7.2.10		php7.2 (Ubuntu)	Undecided	Fix Released

Bug #1792991: Please apply security fixes from PHP 5.5.36 to 5.5.38

Summary				In	Importance	Status
	1792991	Please apply security fixes from PHP 5.5.36 to 5.5.38		php5 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://php.net/ChangeL...
MISC: http://php.net/ChangeL...
MISC: https://bugs.php.net/b...
MLIST: [debian-lts-announce] ...
UBUNTU: USN-3766-1
CONFIRM: https://www.tenable.co...
UBUNTU: USN-3766-2
BID: 104871
CONFIRM: https://security.netap...
DEBIAN: DSA-4353
REDHAT: RHSA-2019:2519

Launchpad.net

CVE 2018-14851

Related bugs and status

Related bugs

References