IBM Lotus Protector for mail security has now released updates for a previously disclosed vulnerability identiﬁed as CVE-2018-12882. The ﬂaw is that the exif_read_from_impl function in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_ﬁle) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. Successful exploitation of the ﬂaw causes Denial of Service condition.
Vendor has released ﬁxes for the vulnerability.
Denial of service with application crash.
Vendor has released ﬁxes for this vulnerability.
A php-upgrade-7_2_7 will solve the problem.
For IBM Lotus Protector for mail security, follow the vendor’s link below: