Description
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields PRO Multiple Security Bypass Vulnerabilities (5.10)
WordPress Plugin WP Private Message Insecure Direct Object Reference (1.0.5)
WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.87)
WordPress 3.9.x Cross-Site Request Forgery (3.9 - 3.9.26)
WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.15.11)