CVE-2018-12882

NameCVE-2018-12882
Descriptionexif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)(not affected)
php7.0source(unstable)(not affected)
php7.1source(unstable)(not affected)
php7.2source(unstable)7.2.8-1

Notes

- php7.1 <not-affected> (Specific to 7.2.x)
- php7.0 <not-affected> (Specific to 7.2.x)
- php5 <not-affected> (Specific to 7.2.x)
PHP Bug: https://bugs.php.net/bug.php?id=76409
https://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5
Search for package or bug name: Reporting problems