6.5

CVE-2016-6292

Exploit
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.5.37
PhpPhp Version5.6.0 Updatealpha1
PhpPhp Version5.6.0 Updatealpha2
PhpPhp Version5.6.0 Updatealpha3
PhpPhp Version5.6.0 Updatealpha4
PhpPhp Version5.6.0 Updatealpha5
PhpPhp Version5.6.0 Updatebeta1
PhpPhp Version5.6.0 Updatebeta2
PhpPhp Version5.6.0 Updatebeta3
PhpPhp Version5.6.0 Updatebeta4
PhpPhp Version5.6.1
PhpPhp Version5.6.2
PhpPhp Version5.6.3
PhpPhp Version5.6.4
PhpPhp Version5.6.5
PhpPhp Version5.6.6
PhpPhp Version5.6.7
PhpPhp Version5.6.8
PhpPhp Version5.6.9
PhpPhp Version5.6.10
PhpPhp Version5.6.11
PhpPhp Version5.6.12
PhpPhp Version5.6.13
PhpPhp Version5.6.14
PhpPhp Version5.6.15
PhpPhp Version5.6.16
PhpPhp Version5.6.17
PhpPhp Version5.6.18
PhpPhp Version5.6.19
PhpPhp Version5.6.20
PhpPhp Version5.6.21
PhpPhp Version5.6.22
PhpPhp Version5.6.23
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.91% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://php.net/ChangeLog-5.php
Release Notes
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://php.net/ChangeLog-7.php
Release Notes
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
https://support.apple.com/HT207170
https://security.gentoo.org/glsa/201611-22
http://www.debian.org/security/2016/dsa-3631
http://openwall.com/lists/oss-security/2016/07/24/2
Patch
Mailing List
http://www.securitytracker.com/id/1036430
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=41131cd41d2fd2e0c2f332a27988df75659c42e4
http://www.securityfocus.com/bid/92078
Third Party Advisory
VDB Entry
https://bugs.php.net/72618
Exploit
Issue Tracking