Description
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Remediation
References
Related Vulnerabilities
WordPress Plugin LazyEater Multiple Unspecified Vulnerabilities (1.2.4)
SharePoint CVE-2018-8161 Vulnerability (CVE-2018-8161)
axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-39338)
WordPress Plugin Zingiri Web Shop 'uploadfilexd.php' Arbitrary File Upload (2.4.3)
WordPress Plugin Dynamic Widgets Multiple Unspecified Vulnerabilities (1.5.7)