PHP 7.2.x < 7.2.18 Heap-based Buffer Overflow Vulnerability.
Medium Nessus Plugin ID 124763
Synopsis
An application installed on the remote host is affected by a heap-based buffer overflow vulnerability.
Description
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.18. It is, therefore, affected by a heap-based buffer over-read condition within _estrndup, reached from the exif_process_IFD_TAG function in exif.c.
An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
Solution
Upgrade to PHP version 7.2.18 or later.