First published: Tue Jun 26 2018(Updated: )
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PHP PHP | >=7.2.0<=7.2.7 | |
Canonical Ubuntu Linux | =18.04 | |
Netapp Storage Automation Store | ||
PHP PHP | <7.2.8 | 7.2.8 |
debian/php5 | ||
debian/php7.0 | ||
debian/php7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.