Description

The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.

Remediation

References

CVE-2016-6292

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3438)

WordPress 5.3.x Prototype Pollution (5.3 - 5.3.11)

Oracle JRE CVE-2013-5823 Vulnerability (CVE-2013-5823)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5339)

phpMyAdmin Other Vulnerability (CVE-2009-4605)

Severity

Medium

Classification

CVE-2016-6292 CWE-476 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities