Description
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
Remediation
References
Related Vulnerabilities
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)
phpBB CVE-2008-4125 Vulnerability (CVE-2008-4125)
Apache Tomcat Other Vulnerability (CVE-2011-1088)
WordPress Plugin Auto Amazon Links-Amazon Associates Affiliate Cross-Site Scripting (4.6.19)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7128)