Описание
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Ссылки
- Mailing List
- Release Notes
- Release Notes
- ExploitIssue Tracking
- Issue TrackingPatch
- Mailing List
- Release Notes
- Release Notes
- ExploitIssue Tracking
- Issue TrackingPatch
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Уязвимость функции exif_process_ifd_in_tiff интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2