Remote Code Execution in PHP Affected by Improper IFD Size Validation
CVE-2016-4543

9.8CRITICAL

Key Information:

Vendor
HP
Status
System Management Homepage
Vendor
CVE Published:
22 May 2016

Summary

The exif_process_IFD_in_JPEG function within PHP prior to versions 5.5.35, 5.6.21, and 7.0.6 fails to correctly validate Image File Directory (IFD) sizes. This oversight allows attackers to exploit the vulnerability, potentially leading to a denial of service via out-of-bounds reads. By crafting specific header data, attackers can disrupt normal operation of affected PHP installations.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/89844
vdb-entryx_refsource_BID
http://lists.opensuse.org/opensuse-updates/2016-06/msg000...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.