Vulnerability Description
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | >= 7.2.0, <= 7.2.7 |
| Canonical | Ubuntu Linux | 18.04 |
| Netapp | Storage Automation Store | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104551Third Party AdvisoryVDB Entry
- https://bugs.php.net/bug.php?id=76409Issue TrackingPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20181109-0001/Third Party Advisory
- https://usn.ubuntu.com/3702-1/Third Party Advisory
- https://usn.ubuntu.com/3702-2/Third Party Advisory
- http://www.securityfocus.com/bid/104551Third Party AdvisoryVDB Entry
- https://bugs.php.net/bug.php?id=76409Issue TrackingPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20181109-0001/Third Party Advisory
- https://usn.ubuntu.com/3702-1/Third Party Advisory
- https://usn.ubuntu.com/3702-2/Third Party Advisory
FAQ
What is CVE-2018-12882?
CVE-2018-12882 is a vulnerability with a CVSS score of 9.8 (CRITICAL). exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closin...
How severe is CVE-2018-12882?
CVE-2018-12882 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-12882?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Netapp Storage Automation Store.