Published: 26/06/2018 Updated: 12/03/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x up to and including 7.2.7 allows malicious users to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
canonical ubuntu linux 18.04
netapp storage automation store -

PHP could be made to crash or run programs if it opened a specially crafted file ...

exif_process_IFD_in_MAKERNOTE in ext/exif/exifc in PHP 72x before 728 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file(CVE-2018-14851) exif_read_from_impl in ext/exif/exifc in PHP 72x through 727 allows attackers to trigger a use-after-free (in exif_read_from_file) be ...

CWE-416 https://bugs.php.net/bug.php?id=76409 http://www.securityfocus.com/bid/104551 https://usn.ubuntu.com/3702-1/https://usn.ubuntu.com/3702-2/https://security.netapp.com/advisory/ntap-20181109-0001/https://nvd.nist.gov https://usn.ubuntu.com/3702-2/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-12882

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect