Description
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2007-5530 Vulnerability (CVE-2007-5530)
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
WordPress Plugin Leaky Paywall Cross-Site Scripting (4.16.5)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (4.0.3)
WordPress Plugin Responsive Cookie Consent Cross-Site Scripting (1.7)