Use-after-free error in php7 (Alpine package)

1) Use-after-free error

EUVDB-ID: #VU13498

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12882

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when the exif_read_from_impl function, as defined in the ext/exif/exif.c source code file, closes a stream that it is not responsible for closing. A remote unauthenticated attacker can trick the victim into opening a specially crafted file that submits malicious .jpeg input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

php7 (Alpine package): 7.2.5-r0 - 7.2.16-r1

CPE2.3

• cpe:2.3:o:alpine:php7_alpine_package:7.2.14-r1:*:*:*:*:alpine_linux:*:
• cpe:2.3:o:alpine:php7_alpine_package:7.2.15-r0:*:*:*:*:alpine_linux:*:
• cpe:2.3:o:alpine:php7_alpine_package:7.2.15-r1:*:*:*:*:alpine_linux:*:

External links

http://git.alpinelinux.org/aports/commit/?id=ebcd3398f2d6e6f536fbfeaba9cc3b84ac377251
http://git.alpinelinux.org/aports/commit/?id=583c0d55e9e7208425dd53eb1739a7010b6b0dbc
http://git.alpinelinux.org/aports/commit/?id=7c1daf27a04307093cef0fcb3f1c5ab4bb68eee1
http://git.alpinelinux.org/aports/commit/?id=797bba4604043977849b0c0cf0b2ef7b21b1ea8c
http://git.alpinelinux.org/aports/commit/?id=38460e57f1f299ba2454aa7869c699f1ab333ca1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.