Description
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
Remediation
References
Related Vulnerabilities
OpenSSL Cryptographic Issues Vulnerability (CVE-2011-4354)
WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2)
WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3)
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696)