CVE-2018-12882

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-12882

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12882.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-12882

Related

SUSE-SU-2018:1886-1
SUSE-SU-2018:1936-1
SUSE-SU-2018:1936-2
SUSE-SU-2018:2044-1
SUSE-SU-2018:2682-1
SUSE-SU-2022:4067-1
USN-3702-1
USN-3702-2
openSUSE-SU-2024:11167-1
openSUSE-SU-2024:11169-1

Published

2018-06-26T03:29:00Z

Modified

2024-05-29T23:34:57Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

exifreadfromimpl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exifreadfromfile) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exifreaddata function.

References

http://www.securityfocus.com/bid/104551
https://bugs.php.net/bug.php?id=76409
https://security.netapp.com/advisory/ntap-20181109-0001/
https://usn.ubuntu.com/3702-1/
https://usn.ubuntu.com/3702-2/

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

8148cbb78841c8ec0759c0836e7f35dec799d300

Last affected

a70ed769120fd596db56bba791766ecb2d1ad39f