Lucene search

K

[email protected]NVD:CVE-2016-4543

HistoryMay 22, 2016 - 1:59 a.m.

CVE-2016-4543

2016-05-2201:59:28

CWE-119

[email protected]

web.nvd.nist.gov

1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.017

Percentile

87.9%

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

Affected configurations

NVD

Node

hpsystem_management_homepageRange≤7.5.5.6

Node

phpphpRange≤5.5.34

OR

phpphpMatch5.6.0

OR

phpphpMatch5.6.1

OR

phpphpMatch5.6.2

OR

phpphpMatch5.6.3

OR

phpphpMatch5.6.4

OR

phpphpMatch5.6.5

OR

phpphpMatch5.6.6

OR

phpphpMatch5.6.7

OR

phpphpMatch5.6.8

OR

phpphpMatch5.6.9

OR

phpphpMatch5.6.10

OR

phpphpMatch5.6.11

OR

phpphpMatch5.6.12

OR

phpphpMatch5.6.13

OR

phpphpMatch5.6.14

OR

phpphpMatch5.6.15

OR

phpphpMatch5.6.16

OR

phpphpMatch5.6.17

OR

phpphpMatch5.6.18

OR

phpphpMatch5.6.19

OR

phpphpMatch5.6.20

OR

phpphpMatch7.0.0

OR

phpphpMatch7.0.1

OR

phpphpMatch7.0.2

OR

phpphpMatch7.0.3

OR

phpphpMatch7.0.4

OR

phpphpMatch7.0.5

Node

fedoraprojectfedoraMatch24

Node

opensuseleapMatch42.1

References

lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html

lists.opensuse.org/opensuse-updates/2016-05/msg00086.html

lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

php.net/ChangeLog-5.php

php.net/ChangeLog-7.php

rhn.redhat.com/errata/RHSA-2016-2750.html

www.debian.org/security/2016/dsa-3602

www.openwall.com/lists/oss-security/2016/05/05/21

www.securityfocus.com/bid/89844

bugs.php.net/bug.php?id=72094

git.php.net/?p=php-src.git%3Ba=commit%3Bh=082aecfc3a753ad03be82cf14f03ac065723ec92

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

security.gentoo.org/glsa/201611-22

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.017

Percentile

87.9%

Related for NVD:CVE-2016-4543

debiancve1 veracode58 prion1 cve1 cvelist1 ubuntucve1 f52 openvas14 nessus25 fedora2 debian3 osv1 ubuntu1 ibm1 suse2 gentoo1 redhat1 rosalinux1