CVE-2016-6291

HIGH

Description

The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.

ID	Name	Product	Family	Severity
132184	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)	Nessus	Huawei Local Security Checks	critical
131592	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)	Nessus	Huawei Local Security Checks	critical
129178	EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)	Nessus	Huawei Local Security Checks	high
98855	PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)	Web Application Scanning	Component Vulnerability	high
98814	PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)	Web Application Scanning	Component Vulnerability	high
119981	SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)	Nessus	SuSE Local Security Checks	high
119979	SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1)	Nessus	SuSE Local Security Checks	high
95421	GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)	Nessus	Gentoo Local Security Checks	high
9620	Mac OS X 10.x < 10.12 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
93856	openSUSE Security Update : php5 (openSUSE-2016-1156)	Nessus	SuSE Local Security Checks	high
93685	macOS < 10.12 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
93589	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2328-1)	Nessus	SuSE Local Security Checks	high
93568	Debian DLA-628-1 : php5 security update	Nessus	Debian Local Security Checks	high
93367	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2210-1)	Nessus	SuSE Local Security Checks	high
93293	SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)	Nessus	SuSE Local Security Checks	high
802016	PHP < 5.5.38, 5.6.24, 7.0.9 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	critical
92982	openSUSE Security Update : php5 (openSUSE-2016-985)	Nessus	SuSE Local Security Checks	high
9460	PHP 5.5.x < 5.5.38 / 5.6.x < 5.6.24 / 7.0.x < 7.0.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
92699	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)	Nessus	Ubuntu Local Security Checks	high
92574	FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)	Nessus	FreeBSD Local Security Checks	high
92573	Debian DSA-3631-1 : php5 - security update (httpoxy)	Nessus	Debian Local Security Checks	high
92556	PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)	Nessus	CGI abuses	high
92555	PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)	Nessus	CGI abuses	high
92554	PHP 5.5.x < 5.5.38 Multiple Vulnerabilities (httpoxy)	Nessus	CGI abuses	high

CVE-2016-6291

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0