7.5

CVE-2016-10158

The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.6.29
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version7.0.10
PhpPhp Version7.0.11
PhpPhp Version7.0.12
PhpPhp Version7.0.13
PhpPhp Version7.0.14
PhpPhp Version7.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.83% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://php.net/ChangeLog-5.php
Vendor Advisory
Release Notes
http://php.net/ChangeLog-7.php
Vendor Advisory
Release Notes
https://www.tenable.com/security/tns-2017-04
https://access.redhat.com/errata/RHSA-2018:1296
https://security.gentoo.org/glsa/201702-29
https://security.netapp.com/advisory/ntap-20180112-0001/
http://www.securitytracker.com/id/1037659
http://www.debian.org/security/2017/dsa-3783
http://www.securityfocus.com/bid/95764
Third Party Advisory
VDB Entry
https://bugs.php.net/bug.php?id=73737
Issue Tracking
https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea
Patch
Third Party Advisory
Issue Tracking