CVE-2016-6291

EUVD-2016-7221
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.5.37
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
phpphp
5.6.10
phpphp
5.6.11
phpphp
5.6.12
phpphp
5.6.13
phpphp
5.6.14
phpphp
5.6.15
phpphp
5.6.16
phpphp
5.6.17
phpphp
5.6.18
phpphp
5.6.19
phpphp
5.6.20
phpphp
5.6.21
phpphp
5.6.22
phpphp
5.6.23
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.24
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.19
released
wily
ignored
xenial
dne
php7.0
precise
dne
trusty
dne
wily
dne
xenial
Fixed 7.0.8-0ubuntu0.16.04.2
released
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=eebcbd5de38a0f1c2876035402cb770e37476519
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://openwall.com/lists/oss-security/2016/07/24/2
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3631
http://www.securityfocus.com/bid/92073
http://www.securitytracker.com/id/1036430
https://bugs.php.net/72603
https://security.gentoo.org/glsa/201611-22
https://support.apple.com/HT207170
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=eebcbd5de38a0f1c2876035402cb770e37476519
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://openwall.com/lists/oss-security/2016/07/24/2
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3631
http://www.securityfocus.com/bid/92073
http://www.securitytracker.com/id/1036430
https://bugs.php.net/72603
https://security.gentoo.org/glsa/201611-22
https://support.apple.com/HT207170