PHP EXIF exif_process_IFD_in_TIFF Method Arbitrary Code Execution Vulnerability



A vulnerability in the EXIF component of PHP could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is in the exif_process_IFD_in_TIFF method, as defined in the ext/exif/exif.c source code file of the affected software, and is due to an uninitialized read memory operation error by the affected software. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code and compromise the targeted system completely.

The PHP Project has confirmed the vulnerability and released software updates.

Security Impact Rating: Critical

CVE: CVE-2019-9641

Source:: Cisco Multivendor Vulnerability Alerts