I am using WAMP server version 3.1.4 64 bit, having PHP version 7.2.10, Apache version 2.4.35,
There are Multiple Heap Buffer Overflow Vulnerabilities for PHP versions prior to 7.3.3.
Vulnerabilities listed here
and patch for the Vulnerability available here
Possible solution is i can download latest Wamp server(Which provide PHP version 7.3.4) and install it, but here is catch, my some of the applications requires SSH access to other remote server to run scripts on remote servers and some applications also requierd SFTP connections to remote servers,You can check here that php_ssh2.dll,php_ssh2.pdb is only available for PHP verion 7.2, not for PHP version 7.3, so if i upgrade WAMP server to latest verion, These applications will stop working, So i have to apply patch available to provide audit compliance.
I dont know how to apply these patch and also not able to find any article which helps/guide me for the same.
Link of patch posted above and i am also mentioning content of patch file below
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index fe89b85471..0b5bb5ae21 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2802,6 +2802,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len);
return FALSE;
}
+ if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) {
+ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len);
+ return FALSE;
+ }
for (de=0;de<NumDirEntries;de++) {
if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,
Can anyone help me with how can i apply this patch ?
