Description

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

Remediation

References

CVE-2015-0232

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2484)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-4189)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2021-32027)

Zope Web Application Server Other Vulnerability (CVE-2000-0725)

Severity

Medium

Classification

CVE-2015-0232

Tags

Missing Update Known Vulnerabilities