Description
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14773 Vulnerability (CVE-2020-14773)
WordPress Plugin Google Shortlink by BestWebSoft Cross-Site Scripting (1.5.2)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-6752)
WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.4.0)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2022-21663)