First published: Sun May 22 2016(Updated: )
Fixed bug (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
Credit: security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
HP System Management Homepage | <=7.5.5.6 | |
PHP PHP | <=5.5.34 | |
PHP PHP | =5.6.0 | |
PHP PHP | =5.6.1 | |
PHP PHP | =5.6.2 | |
PHP PHP | =5.6.3 | |
PHP PHP | =5.6.4 | |
PHP PHP | =5.6.5 | |
PHP PHP | =5.6.6 | |
PHP PHP | =5.6.7 | |
PHP PHP | =5.6.8 | |
PHP PHP | =5.6.9 | |
PHP PHP | =5.6.10 | |
PHP PHP | =5.6.11 | |
PHP PHP | =5.6.12 | |
PHP PHP | =5.6.13 | |
PHP PHP | =5.6.14 | |
PHP PHP | =5.6.15 | |
PHP PHP | =5.6.16 | |
PHP PHP | =5.6.17 | |
PHP PHP | =5.6.18 | |
PHP PHP | =5.6.19 | |
PHP PHP | =5.6.20 | |
PHP PHP | =7.0.0 | |
PHP PHP | =7.0.1 | |
PHP PHP | =7.0.2 | |
PHP PHP | =7.0.3 | |
PHP PHP | =7.0.4 | |
PHP PHP | =7.0.5 | |
Fedoraproject Fedora | =24 | |
openSUSE Leap | =42.1 | |
PHP PHP | <7.0.6 | 7.0.6 |
debian/php5 | ||
debian/php7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2016-4543 is critical with a severity value of 9.8.
CVE-2016-4543 affects PHP versions before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6.
The impact of CVE-2016-4543 is a denial of service (out-of-bounds read) or possibly other unspecified impact via crafted header data.
To patch CVE-2016-4543, you should update PHP to version 5.5.35, 5.6.21, or 7.0.6.
You can find more information about CVE-2016-4543 at the following references: [PHP ChangeLog-7.0.6](https://www.php.net/ChangeLog-7.php#7.0.6), [OSS Security Mailing List](http://www.openwall.com/lists/oss-security/2016/05/05/21), [PHP ChangeLog-5](http://php.net/ChangeLog-5.php).