CVE-2018-12882
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
We have discovered 2,535,074 live websites that are affected by CVE-2018-12882.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 2,535,074 live websites (29.05% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 327 versions ( 59.78% of all versions) |
Details
- Published - Jun 26, 2018
- Updated - Aug 5, 2024
CVE References
CVE-2018-12882 usage by Country
 United States | 617,840 websites |
 Russia | 284,503 websites |
 France | 199,689 websites |
 Germany | 181,416 websites |
 Japan | 149,324 websites |
 Netherlands | 115,387 websites |
 Taiwan | 114,363 websites |
 China | 89,613 websites |
 GB | 61,443 websites |
 Poland | 45,272 websites |
CVE-2018-12882 usage by TLD
| .com | 1,053,405 websites |
| .ru | 242,984 websites |
| .de | 107,297 websites |
| .net | 90,793 websites |
| .nl | 81,050 websites |
| .fr | 72,229 websites |
| .org | 68,741 websites |
| .co.uk | 42,437 websites |
| .jp | 39,530 websites |
| .pl | 38,273 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2018-12882
Top websites that are affected by CVE-2018-12882. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.org | China | *** | |
| *****.***********.com |  Canada | *** | |
| **********.com | United States | *** | |
| **********.com | United States | *** | |
| ************.***.ar |  Argentina | *,*** | |
| *****.ru | Russia | *,*** | |
| ********.*********.com |  Singapore | *,*** | |
| ******************.com | United States | *,*** | |
| ***.org | United States | *,*** | |
| *********.******.net | United States | *,*** |