Description
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
Remediation
References
Related Vulnerabilities
Magento CVE-2022-34259 Vulnerability (CVE-2022-34259)
Jboss EAP Session Fixation Vulnerability (CVE-2021-20324)
Apache Tomcat Numeric Errors Vulnerability (CVE-2012-0022)
WordPress Plugin Yet Another Photoblog Unspecified Vulnerability (1.10.6)
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)