A vulnerability in the EXIF component of PHP could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is in the exif_process_SOFn function, defined in the ext/exif/exif.c source file of the affected software, and is due to an invalid memory read operation performed by the affected software. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code and completely compromise the targeted system.
The PHP Project has confirmed the vulnerability and released software updates.
Security Impact Rating: Critical
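
The advisory does not show the flawed code, so the following is an added illustration and not code from PHP's ext/exif/exif.c. It shows the kind of length validation a JPEG SOFn (start-of-frame) segment parser needs before it reads any field, so that a truncated or inconsistent segment is rejected instead of being read past the end of the buffer. The names `parse_sofn` and `sof_info` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields carried by a JPEG SOFn segment (hypothetical struct for this example). */
struct sof_info {
    uint8_t  precision;   /* bits per sample */
    uint16_t height;
    uint16_t width;
    uint8_t  components;  /* number of image components */
};

/* Big-endian 16-bit read; the caller guarantees two readable bytes. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Parse one SOFn segment. `seg` points at the 2-byte length field that
 * follows the marker; `avail` is the number of bytes left in the input.
 * Returns 0 on success, -1 if the segment is truncated or inconsistent.
 */
int parse_sofn(const uint8_t *seg, size_t avail, struct sof_info *out)
{
    if (seg == NULL || out == NULL || avail < 2)
        return -1;                       /* cannot even read the length */
    size_t declared = be16(seg);         /* length counts its own 2 bytes */
    if (declared < 8 || declared > avail)
        return -1;                       /* fixed fields would be out of bounds */
    out->precision  = seg[2];
    out->height     = be16(seg + 3);
    out->width      = be16(seg + 5);
    out->components = seg[7];
    /* JPEG defines the segment length as 8 + 3 bytes per component. */
    if (declared != 8 + 3 * (size_t)out->components)
        return -1;
    return 0;
}

/* Constructed sample: length 17, 8-bit precision, 16 x 32 pixels, 3 components. */
static const uint8_t sample_sof0[] = {
    0x00, 0x11, 0x08, 0x00, 0x10, 0x00, 0x20, 0x03,
    0x01, 0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01
};

int main(void)
{
    struct sof_info info;
    int rc = parse_sofn(sample_sof0, sizeof sample_sof0, &info);
    printf("rc=%d width=%u height=%u\n", rc, (unsigned)info.width, (unsigned)info.height);
    return rc == 0 ? 0 : 1;
}
```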