In an effort to keep the PHP community up to date about security issues, here's a new(ish) note from Secunia concering a risk some PHP-driven sites might be concerned about.

From a security release on April 1st, 2005: Three flaws have been discovered in the EXIF module of PHP (versions 4.2.x, 4.3.x, and 5.0.x), resulting in the possibility of exploit issues when your site takes file uploads.

• First, a bug in the module's exif_process_IFD_TAG() function could be exploited by a specially crafted "Image File Directory" (IFD) tag to cause a buffer overflow and allow a user to run arbitrary code.
• Secondly, another bug in EXIF could lead to an infinite recursion, causing the executed program to crash.
• And last, there is a bug in the "php_handle_iff()" and "php_handle_jpeg()" functions that, provided a specially formatted image, could cause infinite loops in the script, crashing the script and executing arbitracry code.

Again, note - these exploits effect mostly the sites out there using a file upload to allow users to push data out. If you're concerned about the security of your site and are using the file upload capability, you might consider updating your version, just to be safe...