Description
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
Remediation
References
Related Vulnerabilities
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019)
WordPress 3.9.x Cross-Domain Flash Injection Vulnerability (3.9 - 3.9.22)
WordPress Plugin AzonPost Cross-Site Scripting (1.3)
WordPress Plugin WP RSS Multi Importer Multiple Vulnerabilities (3.15)
OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0464)