The vulnerability of the exif_process_user_comment function (ext/exif/exif.c) in the PHP programming language allows a hacker to cause a service failure.

The vulnerability of the exifprocessusercomment function ext/exif/exif.c in the PHP programming language is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

php: Heap buffer over-read in exif_process_user_comment()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...