Description
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Remediation
References
Related Vulnerabilities
WordPress Plugin Magic Fields Arbitrary File Upload (1.6.3.2)
WordPress Plugin FormLift for Infusionsoft Web Forms SQL Injection (7.5.17)
OpenSSL Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)
Drupal Files or Directories Accessible to External Parties Vulnerability (CVE-2017-6922)
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-9707)