CVE-2018-14883 - OpenCVE

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Canonical	Ubuntu Linux
Php	Php
Netapp	Storage Automation Store

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 4 [-]

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

References

Link	Resource
http://php.net/ChangeLog-5.php	Vendor Advisory
http://php.net/ChangeLog-7.php	Vendor Advisory
http://www.securityfocus.com/bid/104871	Third Party Advisory VDB Entry
https://bugs.php.net/bug.php?id=76423	Exploit Issue Tracking Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20181107-0003/	Third Party Advisory
https://usn.ubuntu.com/3766-1/	Third Party Advisory
https://usn.ubuntu.com/3766-2/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4353	Third Party Advisory
https://www.tenable.com/security/tns-2018-12	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-03T13:00:00

Updated: 2018-12-11T10:57:01

Reserved: 2018-08-03T00:00:00

Link: CVE-2018-14883

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-03T13:29:00.253

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-14883

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-03T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-11T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "104871", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104871"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20181107-0003/"}, {"name": "USN-3766-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3766-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2018-12"}, {"name": "DSA-4353", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4353"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://php.net/ChangeLog-5.php"}, {"name": "[debian-lts-announce] 20180901 [SECURITY] [DLA 1490-1] php5 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=76423"}, {"name": "USN-3766-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3766-2/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://php.net/ChangeLog-7.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14883", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "104871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104871"}, {"name": "https://security.netapp.com/advisory/ntap-20181107-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181107-0003/"}, {"name": "USN-3766-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3766-1/"}, {"name": "https://www.tenable.com/security/tns-2018-12", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-12"}, {"name": "DSA-4353", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4353"}, {"name": "http://php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://php.net/ChangeLog-5.php"}, {"name": "[debian-lts-announce] 20180901 [SECURITY] [DLA 1490-1] php5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html"}, {"name": "https://bugs.php.net/bug.php?id=76423", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=76423"}, {"name": "USN-3766-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3766-2/"}, {"name": "http://php.net/ChangeLog-7.php", "refsource": "CONFIRM", "url": "http://php.net/ChangeLog-7.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14883", "datePublished": "2018-08-03T13:00:00", "dateReserved": "2018-08-03T00:00:00", "dateUpdated": "2018-12-11T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7790A37-5872-498A-AF77-4C72F5E6535E", "versionEndExcluding": "5.6.37", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4F254A0-4FCB-4015-B4BA-FC634D47A473", "versionEndExcluding": "7.0.31", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9AEDB1B-9295-45A4-80FE-E10DF404E267", "versionEndExcluding": "7.1.20", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF1D395B-6711-40A9-8E0E-9153B8A71F04", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c."}, {"lang": "es", "value": "Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.37, versiones 7.0.x anteriores a la 7.0.31, versiones 7.1.x anteriores a la 7.1.20 y versiones 7.2.x anteriores a la 7.2.8. Un desbordamiento de enteros conduce a una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en exif_thumbnail_extract en exif.c."}], "id": "CVE-2018-14883", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-03T13:29:00.253", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://php.net/ChangeLog-5.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://php.net/ChangeLog-7.php"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104871"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=76423"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20181107-0003/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3766-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3766-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4353"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2018-12"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}