SUSE-SU-2018:2682-1

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2017-9118 CVE-2018-10360 CVE-2018-12882 CVE-2018-14851

Published: 10 Sept 2018, 15:59

Last modified:04 Feb 2026, 03:05

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Sept 2018, 15:59

Published

Vulnerability first disclosed

04 Feb 2026, 03:05

Last Modified

Vulnerability information updated

Description

Security update for php5 This update for php5 fixes the following issues: The following security issues were fixed: - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466)

Affected Systems

suse•php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 5.5.14-109.38.1
suse•php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
< 5.5.14-109.38.1

SUSE-SU-2018:2682-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (9)