PHP versions 7.2.x through 7.2.7 are vulnerable to a heap-use-after-free in streams.c:_php_stream_free() that is reachable via the exif.c:exif_read_from_impl() function. An attacker could exploit this via a crafted file to potentially execute arbitrary code. The vulnerable PHP exif_read_data() function was modified in version 7.2.0 to support local files and stream resources. Upstream Bug: https://bugs.php.net/bug.php?id=76409 Upstream Patch: http://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5 Reference: http://php.net/manual/en/function.exif-read-data.php
Created php tracking bugs for this issue: Affects: fedora-28 [bug 1595503]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-12882