suse · CVE-2015-0232

Quick triage

Priority: medium Published: 2021-05-30 13:25:47 UTC Updated: 2026-04-18 18:28:40 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-0232 severity moderate: SUSE including 850 source package names (apache2-mod_php5-5.2.14-0.7.30.64.1, apache2-mod_php5-5.5.14-11.3, …), 955 product×package rows across 28 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Module for Legacy 15 SP4, … (28 product lines)): Fixed 749, Known Not Affected 206.

Description:

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

cvelogic Threat Intelligence