CVE-2019-11036 – Successful exploit could allow the attacker to access sensitive information (30th Apr 2019)

Preface: PHP is a scripting language that runs on a computer. Its main purpose is to process dynamic web pages, including command-line runtime interfaces or to generate graphical user interface programs.

Vulnerability details: A vulnerability in the EXIF component of PHP could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

Causes: The vulnerability exists in the exif_process_IFD_TAG function (ext/exif/exif.c source code). But similar flaw was occured in 2011 (CVE-2011-4566).

Official announcement: The PHP Project has released software updates via following url: https://php.net/downloads.php