CVE-2018-14851 — MEDIUM (5.5)

Q: How severe is CVE-2018-14851?

CVE-2018-14851 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-14851?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Debian Debian Linux, Netapp Storage Automation Store.

Vulnerability Description

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Php	Php	<= 5.6.36
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	8.0
Netapp	Storage Automation Store	-

Related Weaknesses (CWE)

CWE-125

References

http://php.net/ChangeLog-5.phpRelease NotesVendor Advisory
http://php.net/ChangeLog-7.phpRelease NotesVendor Advisory
http://www.securityfocus.com/bid/104871Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=76557Issue TrackingPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00000.htmlThird Party Advisory
https://security.netapp.com/advisory/ntap-20181107-0003/Third Party Advisory
https://usn.ubuntu.com/3766-1/Third Party Advisory
https://usn.ubuntu.com/3766-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4353Third Party Advisory
https://www.tenable.com/security/tns-2018-12Third Party Advisory
http://php.net/ChangeLog-5.phpRelease NotesVendor Advisory
http://php.net/ChangeLog-7.phpRelease NotesVendor Advisory
http://www.securityfocus.com/bid/104871Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:2519

FAQ

What is CVE-2018-14851?

CVE-2018-14851 is a vulnerability with a CVSS score of 5.5 (MEDIUM). exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bou...

How severe is CVE-2018-14851?

CVE-2018-14851 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14851?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Debian Debian Linux, Netapp Storage Automation Store.