Orestiskourides

**Name of the Vulnerable Software and Affected Versions** PHP versions 7.1.x through 7.1.30 PHP versions 7.2.x through 7.2.20 PHP versions 7.3.x through 7.3.7 **Description** The issue arises when the PHP EXIF extension parses EXIF information from an image, for example, via the `exif read data()` function. It is possible to supply the function with data that causes it to read past the allocated buffer, potentially leading to information disclosure or a crash. This may allow a remote attacker to gain unauthorized access to information or cause a denial of service. **Recommendations** For PHP versions 7.1.x through 7.1.30, update to version 7.1.31 or later. For PHP versions 7.2.x through 7.2.20, update to version 7.2.21 or later. For PHP versions 7.3.x through 7.3.7, update to version 7.3.8 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions 7.1.x through 7.1.29 PHP versions 7.2.x through 7.2.18 PHP versions 7.3.x through 7.3.5 **Description** The issue arises when the PHP EXIF extension parses EXIF information from an image, for example, via the `exif read data()` function. It is possible to supply the function with data that causes it to read past the allocated buffer, potentially leading to information disclosure or a crash. This may allow a remote attacker to gain unauthorized access to information or cause a denial of service. **Recommendations** For PHP versions 7.1.x through 7.1.29, update to version 7.1.30 or later. For PHP versions 7.2.x through 7.2.18, update to version 7.2.19 or later. For PHP versions 7.3.x through 7.3.5, update to version 7.3.6 or later.