Description
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
Remediation
References
Related Vulnerabilities
Drupal Improper Input Validation Vulnerability (CVE-2019-6342)
MySQL CVE-2025-50103 Vulnerability (CVE-2025-50103)
CubeCart Improper Input Validation Vulnerability (CVE-2012-0865)
WordPress Plugin Theme Blvd Shortcodes Multiple Security Bypass Vulnerabilities (1.5.2)
Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)