CVE-2015-0232 (retired)

Priority
Description
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37,
5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to
execute arbitrary code or cause a denial of service (uninitialized pointer
free and application crash) via crafted EXIF data in a JPEG image.
Notes
 mdeslaur> php5 in lucid and precise is built with mbstring, so
 mdeslaur> xp_field->value does get properly set
Assigned-to
mdeslaur
More Information

Updated: 2019-09-19 15:51:53 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)