CVE-2018-12882 — Use After Free in PHP

CWE-416 — Use After Free11 documents8 sources

Severity

9.8CRITICALNVD

EPSS

6.1%

top 9.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Canonical Ubuntu Linux

Timeline

PublishedJun 26

Latest updateJan 27

Description

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDphp/php7.2.0 — 7.2.7

Also affects: Ubuntu Linux 18.04

Patches

Patch: bugs.php.net ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-p666-3cc6-g2c6: exif_read_from_impl in ext/exif/exif↗2022-05-14

▶

OSV

php7.2 vulnerability↗2018-07-05

▶

OSV

CVE-2018-12882: exif_read_from_impl in ext/exif/exif↗2018-06-25

▶

📋Vendor Advisories

CISA ICS

Festo Didactic SE MES PC↗2026-01-27

▶

Ubuntu

PHP vulnerability↗2018-07-05

▶

Ubuntu

PHP vulnerability↗2018-07-04

▶

Red Hat

php: Use-after-free reachable via the exif.c:exif_read_from_impl() function↗2018-06-03

▶

💬Community

HackerOne

CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7↗2018-09-01

▶

Bugzilla

CVE-2018-12882 php: Use-after-free reachable via the exif.c:exif_read_from_impl() function↗2018-06-27

▶

Bugzilla

CVE-2018-12882 php: Use-after-free reachable via the exif.c:exif_read_from_impl() function [fedora-28]↗2018-06-27

▶