MGASA-2018-0222

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549

Published: 04 May 2018, 17:29

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 May 2018, 17:29

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated php packages fix security vulnerabilities - Heap Buffer Overflow (READ: 1786) in exif_iif_add_value (CVE-2018-10549) - Stream filter convert.iconv leads to infinite loop on invalid sequence (CVE-2018-10546) - Malicious LDAP-Server Response causes Crash. (CVE-2018-10548) - incomplete PHAR Fix (CVE-2018-10547)

Affected Systems

mageia•php
< 5.6.36-1.mga5
mageia•php
< 5.6.36-1.mga6

References (2)

https://advisories.mageia.org/MGASA-2018-0222.html
https://bugs.mageia.org/show_bug.cgi?id=22980