SB2018072105 - Memory corruption in php7 (Alpine package)
Published: July 21, 2018
Security Bulletin ID: SB2018072105
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2018-10549)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the exif_read_data() function due to an out-of-bounds read while processing crafted JPEG data. A remote attacker can supply a specially crafted image file, trigger a heap-based buffer overflow in exif_iif_add_value and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=da479a7adc9366cbc8f662b0412d7feea79fd9d6
- https://git.alpinelinux.org/aports/commit/?id=d42b915a2245405763bb485ededfbdb01393f109
- https://git.alpinelinux.org/aports/commit/?id=797bba4604043977849b0c0cf0b2ef7b21b1ea8c
- https://git.alpinelinux.org/aports/commit/?id=38460e57f1f299ba2454aa7869c699f1ab333ca1