Description
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2012-4681 Vulnerability (CVE-2012-4681)
Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14)
WordPress Plugin Global Content Blocks 'gcb_export.php' SQL Injection (1.2)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)
WordPress Plugin WP Import Export Information Disclosure (3.9.15)