Description

The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.

Remediation

References

CVE-2016-6292

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20239)

LiteSpeed Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2333)

MySQL CVE-2013-5767 Vulnerability (CVE-2013-5767)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (4.1.7)

Severity

Medium

Classification

CVE-2016-6292 CWE-476 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities