Description
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Remediation
References
Related Vulnerabilities
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2039)
WordPress Plugin Elementor Pro Security Bypass (3.11.6)
WordPress Plugin Integration for Contact Form 7 and Infusionsoft Cross-Site Scripting (1.1.2)
WordPress 4.5.x Denial of Service Vulnerability (4.5 - 4.5.13)