PHP 'ext/exif/exif.c' Denial of Service Vulnerability

PHP is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause denial-of-service condition, denying service to legitimate users.

PHP versions 7.2.0 through 7.2.7 are vulnerable.

Information

Bugtraq ID: 104551
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-12882

Remote: Yes
Local: No
Published: Jun 25 2018 12:00AM
Updated: Jun 25 2018 12:00AM
Credit: geeknik
Vulnerable: PHP PHP 7.2.7
PHP PHP 7.2.5
PHP PHP 7.2.4
PHP PHP 7.2.3
PHP PHP 7.2.2
PHP PHP 7.2.1
PHP PHP 7.2

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

Patch avoid-double-free.patch for EXIF related Bug #76409 (PHP)
PHP Homepage (PHP)
heap use after free in _php_stream_free (PHP)

Source: www.securityfocus.com

Exploit Collector

Search Exploit