PHP exif_process NULL Pointer DoS (Feb 9, 2018)

A code execution vulnerability exists in PHP’s exif extension module, which could cause denial of service on the server side. An attacker can exploit this vulnerability by sending a certain crafted JPEG or TIFF file to a web application.

The cause of this vulnerability is due to a null pointer exception during PHP parsing the exif part of a picture file. When handling the exif section, the PHP module will have a series of encoding converter functions.

Read More…