PHP EXIF exif_process_IFD_in_TIFF Method Arbitrary Code Execution Vulnerability

Preface: The exif extension lets you work with image metadata. PHP can update the date in a photo's EXIF headers by script. The headers include the following: time taken, time modified, camera make, camera model, and so on.

Design objective of exif_process_IFD_in_TIFF:
Parse the TIFF header.

Vulnerability Found:
When the test script is executed, Memcheck (valgrind.org) determines that an undefined value is being used in a dangerous way in exif_process_IFD_in_TIFF.
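
To show what parsing the TIFF header involves and where values read from the file need checking before use, here is an added example (not PHP's source code and not from the original post): a bounds-checked walk of a TIFF header and its first IFD. The function name `tiff_ifd0_entry_count` is hypothetical, and rejecting unknown field types is a simplifying assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes per element for TIFF field types 1..12 (index 0 unused). */
static const uint8_t type_size[13] = {0,1,1,2,4,8,1,1,2,4,8,4,8};

/* Read integers in the byte order announced by the header (be = "MM"). */
static uint16_t rd16(const uint8_t *p, int be) {
    return be ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)rd16(p, 1) << 16 | rd16(p + 2, 1)
              : (uint32_t)rd16(p + 2, 0) << 16 | rd16(p, 0);
}

/* Hypothetical helper: returns the number of entries in the first IFD, or -1
 * if any header field, offset or count points outside the len bytes given. */
int tiff_ifd0_entry_count(const uint8_t *buf, size_t len) {
    int be;
    if (buf == NULL || len < 8) return -1;            /* 8-byte TIFF header */
    if (memcmp(buf, "II", 2) == 0) be = 0;            /* little-endian */
    else if (memcmp(buf, "MM", 2) == 0) be = 1;       /* big-endian */
    else return -1;
    if (rd16(buf + 2, be) != 42) return -1;           /* TIFF magic number */
    uint32_t ifd = rd32(buf + 4, be);                 /* offset of first IFD */
    if (ifd < 8 || ifd > len - 2) return -1;          /* entry count must fit */
    uint16_t n = rd16(buf + ifd, be);
    /* count (2) + n entries of 12 bytes + next-IFD offset (4) must fit */
    if (2 + (size_t)n * 12 + 4 > len - ifd) return -1;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint16_t type = rd16(e + 2, be);
        if (type == 0 || type > 12) return -1;        /* assumption: reject unknown types */
        uint64_t bytes = (uint64_t)rd32(e + 4, be) * type_size[type];
        if (bytes > 4) {                              /* value stored out of line */
            uint32_t off = rd32(e + 8, be);
            if (off > len || bytes > len - off) return -1;
        }
    }
    return (int)n;
}

int main(void) {
    /* Constructed sample: little-endian header, one inline ASCII entry. */
    const uint8_t s[] = {'I','I',42,0, 8,0,0,0, 1,0, 0x0F,0x01, 2,0, 4,0,0,0, 'A','B','C',0, 0,0,0,0};
    printf("entries: %d\n", tiff_ifd0_entry_count(s, sizeof s));
    return 0;
}
```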

My speculation:
A short registration process helps to get more subscribers to your website. Login with Facebook is a quick and powerful way to integrate a registration and login system on the website. The PHP SDK allows accessing the Facebook API from the web application. But to get started with the latest version of Facebook SDK v5.x, make sure your system meets the following requirements.
PHP version should be 5.4 or greater.
What if servers that originally connect to Facebook have PHP version 7.x installed? They are all compromised because of the vulnerability. In the meantime, they will start attacking Facebook. Do you think this is the story that began on 14th Mar 2019?

Remedy: Upgrade PHP (http://php.net/downloads.php).
