In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
{ "cpes": [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" ], "severity": "Medium" }