exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x up to and including 7.2.7 allows malicious users to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
canonical ubuntu linux 18.04 |
||
netapp storage automation store - |