ID CVE-2018-12882
Summary exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
References
Vulnerable Configurations
  • PHP 7.2.0
    cpe:2.3:a:php:php:7.2.0
  • PHP 7.2.1
    cpe:2.3:a:php:php:7.2.1
  • PHP 7.2.2
    cpe:2.3:a:php:php:7.2.2
  • PHP 7.2.3
    cpe:2.3:a:php:php:7.2.3
  • PHP 7.2.4
    cpe:2.3:a:php:php:7.2.4
  • PHP 7.2.5
    cpe:2.3:a:php:php:7.2.5
  • PHP 7.2.6
    cpe:2.3:a:php:php:7.2.6
  • PHP 7.2.7
    cpe:2.3:a:php:php:7.2.7
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • cpe:2.3:a:netapp:storage_automation_store
    cpe:2.3:a:netapp:storage_automation_store
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3702-1.NASL
    description It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110924
    published 2018-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110924
    title Ubuntu 18.04 LTS : php7.2 vulnerability (USN-3702-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-737.NASL
    description This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 111194
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111194
    title openSUSE Security Update : php7 (openSUSE-2018-737)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2044-1.NASL
    description This update for php53 fixes the following issues: The following security issue was fixed : - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file (CVE-2018-10360, bsc#1096984) - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111265
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111265
    title SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2044-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1936-2.NASL
    description This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120042
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120042
    title SUSE SLES15 Security Update : php7 (SUSE-SU-2018:1936-2)
  • NASL family CGI abuses
    NASL id PHP_7_2_8.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen 2019-02-21
    modified 2018-09-20
    plugin id 111216
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111216
    title PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-708.NASL
    description This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110964
    published 2018-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110964
    title openSUSE Security Update : php7 (openSUSE-2018-708)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1886-1.NASL
    description This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120033
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120033
    title SUSE SLES12 Security Update : php7 (SUSE-SU-2018:1886-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3702-2.NASL
    description USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. We apologize for the inconvenience. Original advisory details : It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110940
    published 2018-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110940
    title Ubuntu 18.04 LTS : php7.2 vulnerability (USN-3702-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1936-1.NASL
    description This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120041
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120041
    title SUSE SLES15 Security Update : php7 (SUSE-SU-2018:1936-1)
  • NASL family CGI abuses
    NASL id PHP_7_0_31.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen 2019-02-21
    modified 2018-09-20
    plugin id 111215
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111215
    title PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-998.NASL
    description This update for php5 fixes the following issues : The following security issues were fixed : - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed a use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-09-13
    plugin id 117477
    published 2018-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117477
    title openSUSE Security Update : php5 (openSUSE-2018-998)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1067.NASL
    description exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. (CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. (CVE-2018-12882) An issue was discovered in PHP 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. (CVE-2018-14883)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 112094
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112094
    title Amazon Linux AMI : php72 (ALAS-2018-1067)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2682-1.NASL
    description This update for php5 fixes the following issues : The following security issues were fixed : CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-12882: Fixed a use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120095
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120095
    title SUSE SLES12 Security Update : php5 (SUSE-SU-2018:2682-1)
refmap via4
bid 104551
confirm
ubuntu
  • USN-3702-1
  • USN-3702-2
Last major update 25-06-2018 - 23:29
Published 25-06-2018 - 23:29
Last modified 12-03-2019 - 07:46