CVE-2018-12882

Updated: 2024-11-30 03:29:44.348282

Description:

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
Ubuntu 22.04 php 7.3 9.8 CRITICAL Ignored 2024-05-14 17:10:32
Ubuntu 22.04 php 7.4 9.8 CRITICAL Ignored 2024-05-14 17:10:31
Ubuntu 22.04 php 5.6 9.8 CRITICAL Not Vulnerable 2025-02-26 21:45:39
Ubuntu 22.04 php 8.2 9.8 CRITICAL Ignored 2024-05-14 17:10:31
Ubuntu 22.04 php 8.1 9.8 CRITICAL Ignored 2024-05-14 17:10:28
Ubuntu 24.04 php 7.2 9.8 CRITICAL Not Vulnerable 2025-02-26 21:45:39
Ubuntu 24.04 php 8.1 9.8 CRITICAL Not Vulnerable 2025-02-26 21:45:39
Ubuntu 24.04 php 8.0 9.8 CRITICAL Not Vulnerable 2025-02-26 21:45:39
Ubuntu 24.04 php 7.3 9.8 CRITICAL Not Vulnerable 2025-02-26 21:45:39
Ubuntu 24.04 php 5.6 9.8 CRITICAL Not Vulnerable 2025-02-26 21:45:39
Total: 124