A vulnerability in the EXIF component of PHP could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is in the exif_process_IFD_in_MAKERNOTE function in the ext/exif/exif.c source code file of the affected software. It is due to an uninitialized memory read that occurs when the affected software handles the relationship between maker_note->offset and the value_len variable. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code and compromise the targeted system completely.
The PHP Project has confirmed the vulnerability and released software updates.
Security Impact Rating: Critical
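The class of check that the offset-versus-length relationship described above calls for, as an added example: this is not PHP's code or the project's patch. The struct, the function names, the big-endian byte order and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IFD_ENTRY_SIZE 12u /* a TIFF/EXIF IFD entry is 12 bytes */

/* Hypothetical descriptor (assumption); not the structure used in ext/exif/exif.c. */
struct note_desc {
    size_t offset; /* where the IFD starts inside the maker-note value */
};

/* Big-endian 16-bit read; the caller guarantees two readable bytes. */
static unsigned read_u16_be(const uint8_t *p)
{
    return ((unsigned)p[0] << 8) | (unsigned)p[1];
}

/*
 * Returns the IFD entry count if the count field and every declared entry
 * lie inside value[0..value_len), or -1 if any read would leave the buffer.
 */
int checked_ifd_entry_count(const uint8_t *value, size_t value_len,
                            const struct note_desc *note)
{
    size_t entries, remaining;

    /* The offset must leave room for the 2-byte entry count. */
    if (note->offset >= value_len || value_len - note->offset < 2)
        return -1;

    entries = read_u16_be(value + note->offset);
    remaining = value_len - note->offset - 2;

    /* Compare by division so a large count cannot overflow the arithmetic. */
    if (entries > remaining / IFD_ENTRY_SIZE)
        return -1;
    return (int)entries;
}

int main(void)
{
    /* Constructed sample: 16-byte value, one entry declared at offset 2. */
    uint8_t value[16] = {0, 0, 0x00, 0x01};
    struct note_desc ok = {2}, bad = {15};

    printf("offset 2:  %d\n", checked_ifd_entry_count(value, sizeof value, &ok));
    printf("offset 15: %d\n", checked_ifd_entry_count(value, sizeof value, &bad));
    return 0;
}
```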