Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-12882

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

Related bugs and status

CVE-2018-12882 (Candidate) is related to these bugs:

Bug #1792987: [MRE] Please update to latest upstream release 7.0.32 / 7.2.10

Summary				In	Importance	Status
	1792987	[MRE] Please update to latest upstream release 7.0.32 / 7.2.10		php7.0 (Ubuntu)	Undecided	Fix Released
	1792987	[MRE] Please update to latest upstream release 7.0.32 / 7.2.10		php7.2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.php.net/b...
BID: 104551
UBUNTU: USN-3702-1
UBUNTU: USN-3702-2
CONFIRM: https://security.netap...