MGASA-2018-0390

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2018-14851 CVE-2018-14883

Published: 21 Sept 2018, 16:26

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Sept 2018, 16:26

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated php packages fix security vulnerability - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c (CVE-2018-14883) - heap-buffer-overflow (READ of size 48) while reading exif data (CVE-2018-14851) - XSS due to the header Transfer-Encoding: chunked

Affected Systems

mageia•php
< 5.6.38-1.mga6

References (4)

https://advisories.mageia.org/MGASA-2018-0390.html
https://bugs.mageia.org/show_bug.cgi?id=23564
http://us3.php.net/archive/2018.php#id2018-07-20-1
http://www.php.net/ChangeLog-5.php#5.6.37