Preface: Error handling in PHP is still primitive. However you can code your way around most problems.
Synopsis: From technical point of view, a JPEG file with malicious EXIF data, and a PHP code that executes it. This PHP code can be easily inserted into any other PHP file found in the server, probably not noticed as malicious in a quick check.
Vulnerability details:
PHP EXIF exif_iif_add_tag Heap Buffer Overflow Vulnerability – A successful exploit could allow the attacker to access sensitive information, which could be used to conduct additional attacks.
PHP EXIF exif_process_IFD_in_MAKERNOTE Heap Buffer Overflow Vulnerability – A successful exploit could allow the attacker to access sensitive information, which could be used to conduct further attacks.
Remedy: PHP Project has released software updates, please refer url: https://php.net/downloads.php