CVE - CVE-2016-4542

CVE-ID
CVE-2016-4542	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:89844 URL:http://www.securityfocus.com/bid/89844 CONFIRM:http://php.net/ChangeLog-5.php CONFIRM:http://php.net/ChangeLog-7.php CONFIRM:https://bugs.php.net/bug.php?id=72094 CONFIRM:https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 DEBIAN:DSA-3602 URL:http://www.debian.org/security/2016/dsa-3602 FEDORA:FEDORA-2016-f4e73663f4 URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html GENTOO:GLSA-201611-22 URL:https://security.gentoo.org/glsa/201611-22 MLIST:[oss-security] 20160505 CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 URL:http://www.openwall.com/lists/oss-security/2016/05/05/21 REDHAT:RHSA-2016:2750 URL:http://rhn.redhat.com/errata/RHSA-2016-2750.html SUSE:openSUSE-SU-2016:1357 URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html SUSE:openSUSE-SU-2016:1524 URL:http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
Assigning CNA
Debian GNU/Linux
Date Record Created
20160505	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160505)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)