Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12882

Опубликовано: 03 июн. 2018
Источник: redhat
CVSS3: 6.3

Описание

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Enterprise Linux 8phpNot affected
Red Hat Software Collectionsrh-php70-phpNot affected
Red Hat Software Collectionsrh-php71-phpNot affected

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1595502php: Use-after-free reachable via the exif.c:exif_read_from_impl() function

6.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 9.8
ubuntu
около 7 лет назад

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

CVSS3: 9.8
nvd
около 7 лет назад

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

CVSS3: 9.8
debian
около 7 лет назад

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allo ...

suse-cvrf
почти 7 лет назад

Security update for php7

suse-cvrf
почти 7 лет назад

Security update for php7

6.3 Medium

CVSS3