The exifprocessIFDinTIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "113995618109138763489426236600846229519", "207010564147224868569939080510464845863", "12225492273767835515959966646041988909", "199120476063143625235472752618703837168", "211446056386641717420862799601742907394", "55640858025059606115613149648190827300" ] }, "id": "CVE-2016-7128-a782b938", "source": "https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed", "signature_version": "v1", "signature_type": "Line", "target": { "file": "ext/exif/exif.c" }, "deprecated": false }, { "digest": { "function_hash": "215008229581677938185334749663650265429", "length": 7964.0 }, "id": "CVE-2016-7128-b22bc4ec", "source": "https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed", "signature_version": "v1", "signature_type": "Function", "target": { "file": "ext/exif/exif.c", "function": "exif_process_IFD_in_TIFF" }, "deprecated": false } ] }