PHP exif_process_IFD_in_JPEG DoS Vulnerability (CVE-2016-4543)
Release date:
Updated on:
Affected Systems:
PHP <5.5.35
PHP 7.x <7.0.6
PHP 5.6.x <5.6.21
Description:
CVE (CAN) ID: CVE-2016-4543
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
In PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6, the exif_process_IFD_in_JPEG function in ext/exif/exif.c does not validate the IFD size. A remote attacker can use crafted header data to cause a denial of service (out-of-bounds read).
<* Source: vendor
*>
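The kind of check that is missing, as an added C illustration (not PHP's exif.c code and not the vendor patch): an IFD is a 2-byte entry count, that many 12-byte entries, and a 4-byte next-IFD offset, and a parser has to confirm the whole span lies inside the buffer before reading it. The helper name `ifd_validate`, the status codes and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { IFD_BAD_OFFSET = -1, IFD_TRUNCATED = -2 };

/* Read a 16-bit value in the byte order declared by the TIFF header. */
static uint16_t rd16(const uint8_t *p, int big_endian) {
    return big_endian ? (uint16_t)((p[0] << 8) | p[1])
                      : (uint16_t)((p[1] << 8) | p[0]);
}

/*
 * Check that the IFD at ifd_off lies entirely inside buf[0..len).
 * Layout: 2-byte entry count, count * 12-byte entries, 4-byte next-IFD offset.
 * Returns the entry count (>= 0) if it fits, or a negative status.
 * Hypothetical helper for illustration; not a PHP function.
 */
int ifd_validate(const uint8_t *buf, size_t len, size_t ifd_off, int big_endian) {
    /* The count field itself must be readable; subtract instead of adding
       so an attacker-chosen offset cannot wrap the comparison. */
    if (ifd_off > len || len - ifd_off < 2)
        return IFD_BAD_OFFSET;
    uint16_t n = rd16(buf + ifd_off, big_endian);
    /* n comes from the file: size the whole directory before touching entries. */
    size_t need = 2 + (size_t)n * 12 + 4;
    if (len - ifd_off < need)
        return IFD_TRUNCATED;
    return (int)n;
}

/* Constructed sample: one entry (tag 0x010F, type 2, count 1), next IFD = 0. */
static const uint8_t sample_ok[18] = {
    0x00, 0x01,  0x01, 0x0F, 0x00, 0x02, 0, 0, 0, 1, 0, 0, 0, 0,  0, 0, 0, 0 };
/* Constructed sample: header claims 0xFFFF entries but only 8 bytes exist. */
static const uint8_t sample_bad[8] = { 0xFF, 0xFF, 0x01, 0x0F, 0x00, 0x02, 0, 0 };

int main(void) {
    printf("well-formed: %d\n", ifd_validate(sample_ok, sizeof sample_ok, 0, 1));
    printf("oversized count: %d\n", ifd_validate(sample_bad, sizeof sample_bad, 0, 1));
    return 0;
}
```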
Suggestion:
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://bugs.php.net/bug.php?id=72094
http://php.net/ChangeLog-7.php
https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
http://php.net/ChangeLog-5.php