Lucene search

PRIOn knowledge basePRION:CVE-2016-4544

HistoryMay 22, 2016 - 1:59 a.m.

Out-of-bounds

2016-05-2201:59:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

CPENameOperatorVersion
debian_linuxeq8.0
fedoraeq24
leapeq42.1
opensuseeq13.2
phpge5.5.0
phplt5.5.35
phpge5.6.0
phplt5.6.21
phpge7.0.0
phplt7.0.6

Name	Operator	Version
debian_linux	eq	8.0
fedora	eq	24
leap	eq	42.1
opensuse	eq	13.2
php	ge	5.5.0
php	lt	5.5.35
php	ge	5.6.0
php	lt	5.6.21
php	ge	7.0.0
php	lt	7.0.6

References

lists.opensuse.org/opensuse-updates/2016-05/msg00086.html

lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

php.net/ChangeLog-5.php

php.net/ChangeLog-7.php

rhn.redhat.com/errata/RHSA-2016-2750.html

www.debian.org/security/2016/dsa-3602

www.openwall.com/lists/oss-security/2016/05/05/21

www.securityfocus.com/bid/89844

bugs.php.net/bug.php?id=72094

git.php.net/?p=php-src.git%3Ba=commit%3Bh=082aecfc3a753ad03be82cf14f03ac065723ec92

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html

security.gentoo.org/glsa/201611-22