CVE Vulnerabilities

CVE-2016-6292

NULL Pointer Dereference

Published: Jul 25, 2016 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Php Php 5.6.1 5.6.1
Php Php 5.6.0 5.6.0
Php Php 5.6.5 5.6.5
Php Php 7.0.4 7.0.4
Php Php 5.6.12 5.6.12
Php Php 5.6.13 5.6.13
Php Php 5.6.0 5.6.0
Php Php 5.6.0 5.6.0
Php Php 5.6.4 5.6.4
Php Php 7.0.3 7.0.3
Php Php 5.6.6 5.6.6
Php Php 7.0.1 7.0.1
Php Php 5.6.0 5.6.0
Php Php 5.6.18 5.6.18
Php Php 5.6.11 5.6.11
Php Php 5.6.2 5.6.2
Php Php 5.6.10 5.6.10
Php Php 5.6.0 5.6.0
Php Php * 5.5.37
Php Php 5.6.7 5.6.7
Php Php 5.6.0 5.6.0
Php Php 5.6.21 5.6.21
Php Php 5.6.15 5.6.15
Php Php 5.6.20 5.6.20
Php Php 7.0.2 7.0.2
Php Php 5.6.0 5.6.0
Php Php 5.6.17 5.6.17
Php Php 5.6.16 5.6.16
Php Php 5.6.23 5.6.23
Php Php 7.0.8 7.0.8
Php Php 5.6.9 5.6.9
Php Php 5.6.0 5.6.0
Php Php 7.0.5 7.0.5
Php Php 5.6.3 5.6.3
Php Php 7.0.0 7.0.0
Php Php 5.6.8 5.6.8
Php Php 5.6.22 5.6.22
Php Php 5.6.14 5.6.14
Php Php 5.6.19 5.6.19
Php Php 5.6.0 5.6.0

Potential Mitigations

References