Description

The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.

Remediation

References

CVE-2016-6291

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4855)

WordPress Plugin Read and Understood Multiple Vulnerabilities (2.1)

Joomla! Core 3.x.x Multiple Vulnerabilities (3.0.0 - 3.10.6)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2827)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.18)

Severity

Critical

Classification

CVE-2016-6291 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities