PHP 7.1.x < 7.1.29 Heap-based Buffer Overflow Vulnerability.
Medium Nessus Plugin ID 124762
Synopsis
An application installed on the remote host is affected by a heap-based buffer overflow vulnerability.
Description
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.29. It is, therefore, affected by a heap-based buffer over-read condition within _estrndup in the exif_process_IFD_TAG function of exif.c.
An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
Solution
Upgrade to PHP version 7.1.29 or later.
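The banner-based check described above can be reproduced when triaging this finding. The following is an added example, not the Nessus plugin's own code; the function name, status labels and sample headers are constructed for illustration. It flags 7.1.x banners below 7.1.29 and separates out cases a banner alone cannot settle (hidden version, vendor build suffix that may carry a backported fix).

```python
import re

# Fixed release named in the advisory; the check applies to the 7.1 branch only.
FIXED = (7, 1, 29)
# Matches "PHP/7.1.26" plus any vendor suffix such as "-1+ubuntu16.04.1".
PHP_BANNER = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;]*)", re.IGNORECASE)


def classify(headers):
    """Return (status, detail) for a dict of HTTP response headers."""
    for name in ("X-Powered-By", "Server"):
        value = next((v for k, v in headers.items()
                      if k.lower() == name.lower()), "")
        match = PHP_BANNER.search(value)
        if not match:
            continue
        version = tuple(int(part) for part in match.group(1, 2, 3))
        suffix = match.group(4)
        shown = ".".join(str(part) for part in version) + suffix
        if version[:2] != FIXED[:2]:
            return "out-of-scope", f"{name}: PHP {shown} is not a 7.1.x release"
        if version >= FIXED:
            return "fixed", f"{name}: PHP {shown} is 7.1.29 or later"
        if suffix:
            # Distribution packages may backport fixes without bumping the
            # upstream version, so confirm against the package changelog.
            return "verify", f"{name}: PHP {shown} is a vendor build below 7.1.29"
        return "affected", f"{name}: PHP {shown} is below 7.1.29"
    # Banner absent or version hidden (for example expose_php = Off).
    return "unknown", "no PHP version in banner; check the host directly"


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real host.
    samples = [
        {"X-Powered-By": "PHP/7.1.28"},
        {"Server": "Apache/2.4.25 (Debian) PHP/7.1.29"},
        {"X-Powered-By": "PHP/7.1.26-1+ubuntu16.04.1"},
        {"X-Powered-By": "PHP/7.2.10"},
        {"Server": "nginx"},
    ]
    for sample in samples:
        print(classify(sample))
```

A "verify" or "unknown" result means the banner is not sufficient evidence either way; confirm the installed version on the host (for example with `php -v` or the package manager) before closing or escalating the finding.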