PHP 'exif.c' NULL Pointer Dereference Denial of Service Vulnerability

PHP is prone to a denial-of-service vulnerability.

Successful exploits may allow the attacker to cause a denial-of-service condition.

This issue is fixed in PHP versions 5.5.38 and 7.0.9.

Information

Bugtraq ID: 92078
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-6292

Remote: Yes
Local: No
Published: Jul 19 2016 12:00AM
Updated: Apr 22 2017 07:05AM
Credit: nguyenvuhoang199321
Vulnerable: PHP PHP 7.0.5
PHP PHP 7.0.3
PHP PHP 7.0
PHP PHP 5.6.22
PHP PHP 5.6.21
PHP PHP 5.6.20
PHP PHP 5.6.19
PHP PHP 5.6.18
PHP PHP 5.6.17
PHP PHP 5.6.13
PHP PHP 5.6.12
PHP PHP 5.6.11
PHP PHP 5.6.5
PHP PHP 5.6.4
PHP PHP 5.6.1
PHP PHP 5.6
PHP PHP 5.5.35
PHP PHP 5.5.34
PHP PHP 5.5.33
PHP PHP 5.5.32
PHP PHP 5.5.29
PHP PHP 5.5.28
PHP PHP 5.5.27
PHP PHP 5.5.26
PHP PHP 5.5.21
PHP PHP 5.5.14
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 5.5.13
PHP PHP 5.5.12
PHP PHP 5.5.11
PHP PHP 5.5.10
PHP PHP 5.5.6
PHP PHP 5.5.5
PHP PHP 5.5.4
PHP PHP 5.5.3
PHP PHP 5.5.1
PHP PHP 5.5
PHP PHP 7.0.8
PHP PHP 7.0.7
PHP PHP 7.0.6
PHP PHP 7.0.4
PHP PHP 7.0.2
PHP PHP 7.0.1
PHP PHP 5.6.9
PHP PHP 5.6.8
PHP PHP 5.6.7
PHP PHP 5.6.6
PHP PHP 5.6.3
PHP PHP 5.6.23
PHP PHP 5.6.2
PHP PHP 5.6.14
PHP PHP 5.6.10
PHP PHP 5.5.9
PHP PHP 5.5.8
PHP PHP 5.5.7
PHP PHP 5.5.37
PHP PHP 5.5.36
PHP PHP 5.5.31
PHP PHP 5.5.30
PHP PHP 5.5.25
PHP PHP 5.5.24
PHP PHP 5.5.23
PHP PHP 5.5.22
PHP PHP 5.5.20
PHP PHP 5.5.2
PHP PHP 5.5.19
PHP PHP 5.5.18
PHP PHP 5.5.17
PHP PHP 5.5.16
PHP PHP 5.5.15
Oracle Secure Backup 10.4 1
Oracle Secure Backup 12.1.0.2.0
Oracle Secure Backup 12.1
Oracle Secure Backup 10.4.0.4.0
Oracle Secure Backup 10.3.0.3
Oracle Secure Backup 10.3.0.2
Oracle Secure Backup 10.3.0.1.0
Oracle Secure Backup 10.2.0.3
Oracle Secure Backup 10.2.0.2
Oracle Secure Backup 10.1.0.3
Oracle Secure Backup 10.1.0.2
Oracle Secure Backup 10.1.0.1
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 16.1.01
HP StoreEver MSL6480 Tape Library 4.90
HP StoreEver MSL6480 Tape Library 4.40
HP StoreEver MSL6480 Tape Library 4.10
Gentoo Linux
Apple Mac Os X 10.11.6

Not Vulnerable: PHP PHP 5.5.38
PHP PHP 7.0.9
PHP PHP 5.6.24
Oracle Secure Backup 12.1.0.3
HP StoreEver MSL6480 Tape Library 5.10
Apple macOS 10.12

References:

• Mac OS X Homepage (Apple)
  
• PHP 5 ChangeLog (PHP)
  
• PHP 7 ChangeLog (PHP)
  
• PHP Homepage (PHP)
  
• HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disc (HP)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  
• Sec Bug #72618 NULL Pointer Dereference in exif_process_user_comment (PHP)
  
• swg21994534: Multiple security issues in IBM Tealeaf Customer Experience on Clou (IBM)
  

Source: www.securityfocus.com