CVE-2016-10158

The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.6.29
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.6
phpphp
7.0.7
phpphp
7.0.8
phpphp
7.0.9
phpphp
7.0.10
phpphp
7.0.11
phpphp
7.0.12
phpphp
7.0.13
phpphp
7.0.14
phpphp
7.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.26
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.21
released
xenial
dne
yakkety
dne
php7.0
precise
dne
trusty
dne
xenial
Fixed 7.0.15-0ubuntu0.16.04.2
released
yakkety
Fixed 7.0.15-0ubuntu0.16.10.2
released
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
php56
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-bcmath
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-cli
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-common
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-dba
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-dbg
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-debuginfo
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-devel
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-embedded
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-enchant
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-fpm
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-gd
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-gmp
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-imap
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-intl
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-ldap
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-mbstring
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-mcrypt
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-mssql
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-mysqlnd
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-odbc
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-opcache
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-pdo
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-pgsql
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-process
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-pspell
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-recode
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-snmp
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-soap
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-tidy
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-xml
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php56-xmlrpc
Amazon Linux 1
0:5.6.30-1.133.amzn1
fixed
php70
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-bcmath
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-cli
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-common
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-dba
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-dbg
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-debuginfo
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-devel
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-embedded
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-enchant
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-fpm
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-gd
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-gmp
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-imap
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-intl
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-json
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-ldap
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-mbstring
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-mcrypt
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-mysqlnd
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-odbc
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-opcache
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pdo
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pdo-dblib
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pgsql
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-process
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pspell
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-recode
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-snmp
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-soap
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-tidy
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-xml
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-xmlrpc
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-zip
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
Common Weakness Enumeration