CVE-2015-0232
published 2015-01-27


Priority: P342 medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EPSS: 15.37% (96.4th percentile)
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

Affected

62 ranges · showing 25

Vendor | Product | Version range | Fixed in
apple | os_x_el_capitan_v10.11 | |
php | php | <= 5.4.36 |
php | php | |

Detection & IOCs (extracted from sources)

path: ext/exif/exif.c
  • Trigger condition: crafted EXIF data embedded in a JPEG image passed to exif_read_data() causes an uninitialized pointer free in exif_process_unicode()
  • Vulnerable function is exif_process_unicode in ext/exif/exif.c; monitor PHP crash/abort signals when processing JPEG/TIFF uploads with EXIF data
  • Upstream fix commits can be used to diff and build detection signatures for the vulnerable code path
  • PHP versions before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 are vulnerable; Red Hat Enterprise Linux 5 (php package) is listed as Not affected, and rh-php56-php (Red Hat Software Collections) is also Not affected
  • Tenable SecurityCenter exposes the related process_nested_data() issue (CVE-2015-0231) only to authenticated users; CVE-2015-0232 (exif_process_unicode) is a separate code path triggered via JPEG EXIF parsing

CVSS provenance

nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | 7.5 | HIGH
vendor_ubuntu | 7.5 | HIGH
vendor_redhat | 6.8 | MEDIUM