CVE-2018-10549

Public on 2018-04-29

Modified on 2018-05-10

Description

An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash.

Severity

Low

See what this means

CVSS v3 Base Score

3.7

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	php56	2018-05-10	ALAS-2018-1019	Fixed
Amazon Linux 1	php70	2018-05-10	ALAS-2018-1019	Fixed
Amazon Linux 1	php71	2018-05-10	ALAS-2018-1019	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.7	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2018-10549 Mitre: CVE-2018-10549