SUSE-SU-2018:1936-2 Security update for php7

This update for php7 fixes the following issues: - CVE-2018-12882: exifreadfromimpl allowed attackers to trigger a use-after-free in exifreadfromfile because it closed a stream that it is not responsible for closing bsc1099098...

PHP 7.2.x <= 7.2.7 DoS Vulnerability

PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

Code injection

exifreadfromimpl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free in exifreadfromfile because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exifreaddata function...

CVE-2018-12882

CVE-2018-12882 affects PHP, specifically the EXIF handling path. The connected sources confirm a use-after-free in exif_read_from_impl (ext/exif/exif.c) that can be triggered via exif_read_data, reachable through PHP’s exif_read_data interface. The vulnerability is described with PHP 7.2.x up to ...

CVE-2018-12882

exifreadfromimpl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free in exifreadfromfile because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exifreaddata function...