Jul 2018 – PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file)

CVE-2018-12882 – PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file)

Use-after-free vulnerabilities are a type of memory corruption flaw that attackers can leverage to execute arbitrary code. According to usage statistics, PHP version 5 is used by 82.0% of all the websites that use PHP. What about the vulnerable version? It is 17.3%. Both statistics appear to be up to date. The PHP programming language has the following advantages:

  1. Cross-platform. A PHP application can run on various platforms.
  2. Ease of use. Anyone who is new to programming can learn to use it within a short time.
  3. Open source, with powerful library support.

Hey, but do the remediation first if you are using version 7.x!
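To decide whether a host needs that remediation, the following added example (not part of the original post or of PHP itself) classifies a PHP version string against the range given above, 7.2.x through 7.2.7, and notes whether the exif extension is loaded. The function names and result labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. Range taken from the post: PHP 7.2.x through 7.2.7.
# Result is version-based only: distro packages can carry backported
# fixes, so treat "affected" as "confirm against the vendor advisory".

# classify_php VERSION [EXIF_LOADED: yes|no]
# Prints: affected | in-range-exif-off | outside-range | unparsed
classify_php() {
    cp_exif=${2:-yes}
    # Keep major.minor.patch, drop suffixes such as "-0ubuntu0.18.04.1".
    cp_core=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p')
    [ -n "$cp_core" ] || { echo unparsed; return 0; }
    set -- $cp_core
    # Numeric comparison, so 7.2.10 is not mistaken for <= 7.2.7.
    if [ "$1" -eq 7 ] && [ "$2" -eq 2 ] && [ "$3" -le 7 ]; then
        # exif_read_from_file is part of the exif extension.
        if [ "$cp_exif" = yes ]; then echo affected
        else echo in-range-exif-off; fi
    else
        echo outside-range
    fi
}

# Classify the PHP CLI on this host (the web SAPI may be a different build).
check_local_php() {
    command -v php >/dev/null 2>&1 || { echo no-php; return 0; }
    cl_exif=no
    if php -m 2>/dev/null | grep -qix exif; then cl_exif=yes; fi
    classify_php "$(php -r 'echo PHP_VERSION;')" "$cl_exif"
}

check_local_php
```

A result of `in-range-exif-off` still calls for an upgrade, since the extension can be enabled later.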

CVE details are available at: https://www.securityfocus.com/bid/104551/info
