The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
{ "vanir_signatures": [ { "deprecated": false, "source": "https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea", "target": { "file": "ext/exif/exif.c" }, "signature_type": "Line", "id": "CVE-2016-10158-527a49fb", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "164345692419806313782867716889242662623", "199961379753220402556809735134877964513", "81811983889484349135308472968212951300", "306448116651839402360195260972894763694" ] } }, { "deprecated": false, "source": "https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea", "target": { "function": "exif_convert_any_to_int", "file": "ext/exif/exif.c" }, "signature_type": "Function", "id": "CVE-2016-10158-a3bc0f1f", "signature_version": "v1", "digest": { "function_hash": "176999397470364082473290218156567094275", "length": 1196.0 } } ] }