Description
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)
WordPress Plugin Feed Changer & Remover Cross-Site Scripting (0.2)
WordPress Plugin Redirection Local File Inclusion (2.7.3)
Apache HTTP Server Off-by-one Error Vulnerability (CVE-2005-1268)
WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)