CVE-2016-10158

The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1cda0d7c2ffb62d8331c64e703131d9cabdc03ea

Affected versions

Other

NEWS

NEWS-cvs2svn

php-5.*

php-5.3.23RC1

php-5.3.29

php-5.3.29RC1

php-5.4.30RC1

php-5.4.32RC1

php-5.4.4RC2

php-5.5.24RC1

php-5.6.18RC1

php-5.6.19RC1

php-5.6.22RC1

php-5.6.23RC1

php-5.6.24RC1

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "ext/exif/exif.c"
        },
        "id": "CVE-2016-10158-527a49fb",
        "digest": {
            "line_hashes": [
                "164345692419806313782867716889242662623",
                "199961379753220402556809735134877964513",
                "81811983889484349135308472968212951300",
                "306448116651839402360195260972894763694"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "exif_convert_any_to_int",
            "file": "ext/exif/exif.c"
        },
        "id": "CVE-2016-10158-a3bc0f1f",
        "digest": {
            "function_hash": "176999397470364082473290218156567094275",
            "length": 1196.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea",
        "signature_type": "Function"
    }
]