[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-6291":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":78,"duplicate_of":9,"upstream":79,"downstream":80,"duplicates":105,"related":106,"reserved_at":9,"published_at":114,"modified_at":115,"state":116,"summary":117,"references_raw":125,"kevs":190,"epss":191,"epss_history":194,"metrics":450,"affected":459},"CVE-2016-6291","The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":9,"platforms":77,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_5DD6D59968733604","Exploit Reference (bugs.php.net)","reference","https://bugs.php.net/72603","unknown",0.2,false,[],[],[],[81,83,85,87,89,91,93,95,97,99,101,103],{"_key":82},"SUSE-SU-2016:2080-1",{"_key":84},"SUSE-SU-2016:2210-1",{"_key":86},"SUSE-SU-2016:2328-1",{"_key":88},"SUSE-SU-2016:2408-1",{"_key":90},"SUSE-SU-2016:2460-1",{"_key":92},"SUSE-SU-2016:2460-2",{"_key":94},"DLA-628-1",{"_key":96},"DSA-3631-1",{"_key":98},"MGASA-2016-0267",{"_key":100},"UBUNTU-CVE-2016-6291",{"_key":102},"USN-3045-1",{"_key":104},"RHSA-2016:2750",[],[107,108,109,110,111,112,113],{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":98},"2016-07-25T14:00:00.000Z","2024-08-06T01:22:20.687Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":118,"epss_score":119,"severity":120,"severity_score":121,"severity_version":122,"severity_source":123,"severity_vector":124,"severity_status":116},"low",0.06548,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[126,132,138,143,148,153,160,166,171,176,180,186],{"url":127,"sources":128,"tags":130},"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=eebcbd5de38a0f1c2876035402cb770e37476519",[129,123],"cve.org",[131],"X Refsource CONFIRM",{"url":133,"sources":134,"tags":135},"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",[129,123],[136,137],"Vendor Advisory","X Refsource APPLE",{"url":139,"sources":140,"tags":141},"https://security.gentoo.org/glsa/201611-22",[129,123],[136,142],"X Refsource GENTOO",{"url":144,"sources":145,"tags":146},"http://rhn.redhat.com/errata/RHSA-2016-2750.html",[129,123],[136,147],"X Refsource REDHAT",{"url":149,"sources":150,"tags":151},"http://php.net/ChangeLog-5.php",[129,123],[131,152],"Release Notes",{"url":73,"sources":154,"tags":155},[129,123],[131,156,157,158,159],"Exploit","Issue Tracking","Patch","Third Party Advisory",{"url":161,"sources":162,"tags":163},"http://www.securityfocus.com/bid/92073",[129,123],[164,165,159],"VDB Entry","X Refsource BID",{"url":167,"sources":168,"tags":169},"http://www.securitytracker.com/id/1036430",[129,123],[164,170],"X Refsource SECTRACK",{"url":172,"sources":173,"tags":174},"http://www.debian.org/security/2016/dsa-3631",[129,123],[136,175],"X Refsource DEBIAN",{"url":177,"sources":178,"tags":179},"http://php.net/ChangeLog-7.php",[129,123],[131,152],{"url":181,"sources":182,"tags":183},"http://openwall.com/lists/oss-security/2016/07/24/2",[129,123],[184,185],"Mailing List","X Refsource MLIST",{"url":187,"sources":188,"tags":189},"https://support.apple.com/HT207170",[129,123],[131],[],{"date":192,"score":119,"percentile":193},"2026-06-04",0.91301,[195,199,202,205,208,210,213,216,219,222,225,228,231,233,236,239,242,245,248,251,254,257,260,263,266,269,272,274,277,280,283,286,289,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,344,347,349,353,355,357,359,361,364,367,370,373,376,379,382,384,387,390,392,394,396,399,402,405,408,410,412,415,418,421,424,427,430,433,436,439,442,445,447],{"date":196,"score":197,"percentile":198},"2025-11-04",0.09932,0.92691,{"date":200,"score":197,"percentile":201},"2025-11-05",0.92694,{"date":203,"score":197,"percentile":204},"2025-11-06",0.92693,{"date":206,"score":197,"percentile":207},"2025-11-07",0.92697,{"date":209,"score":197,"percentile":207},"2025-11-08",{"date":211,"score":197,"percentile":212},"2025-11-09",0.92696,{"date":214,"score":197,"percentile":215},"2025-11-10",0.92695,{"date":217,"score":197,"percentile":218},"2025-11-11",0.927,{"date":220,"score":197,"percentile":221},"2025-11-12",0.92707,{"date":223,"score":197,"percentile":224},"2025-11-13",0.9271,{"date":226,"score":197,"percentile":227},"2025-11-14",0.92713,{"date":229,"score":197,"percentile":230},"2025-11-15",0.92705,{"date":232,"score":197,"percentile":224},"2025-11-16",{"date":234,"score":197,"percentile":235},"2025-11-17",0.92706,{"date":237,"score":197,"percentile":238},"2025-11-18",0.92229,{"date":240,"score":197,"percentile":241},"2025-11-19",0.92233,{"date":243,"score":197,"percentile":244},"2025-11-20",0.92238,{"date":246,"score":197,"percentile":247},"2025-11-21",0.92725,{"date":249,"score":197,"percentile":250},"2025-11-22",0.92723,{"date":252,"score":197,"percentile":253},"2025-11-23",0.92728,{"date":255,"score":197,"percentile":256},"2025-11-24",0.92729,{"date":258,"score":197,"percentile":259},"2025-11-25",0.92732,{"date":261,"score":197,"percentile":262},"2025-11-26",0.92731,{"date":264,"score":197,"percentile":265},"2025-11-27",0.92727,{"date":267,"score":197,"percentile":268},"2025-11-28",0.92722,{"date":270,"score":197,"percentile":271},"2025-11-29",0.92737,{"date":273,"score":197,"percentile":271},"2025-11-30",{"date":275,"score":197,"percentile":276},"2025-12-01",0.92782,{"date":278,"score":197,"percentile":279},"2025-12-02",0.92786,{"date":281,"score":197,"percentile":282},"2025-12-03",0.92789,{"date":284,"score":197,"percentile":285},"2025-12-04",0.92743,{"date":287,"score":197,"percentile":288},"2025-12-05",0.92747,{"date":290,"score":197,"percentile":288},"2025-12-06",{"date":292,"score":197,"percentile":293},"2025-12-07",0.92744,{"date":295,"score":197,"percentile":296},"2025-12-08",0.92748,{"date":298,"score":197,"percentile":299},"2025-12-09",0.92751,{"date":301,"score":197,"percentile":302},"2025-12-10",0.9276,{"date":304,"score":197,"percentile":305},"2025-12-11",0.92761,{"date":307,"score":197,"percentile":308},"2025-12-12",0.92766,{"date":310,"score":197,"percentile":311},"2025-12-13",0.92754,{"date":313,"score":197,"percentile":314},"2025-12-14",0.92752,{"date":316,"score":197,"percentile":317},"2025-12-15",0.92755,{"date":319,"score":197,"percentile":320},"2025-12-16",0.92765,{"date":322,"score":197,"percentile":323},"2025-12-17",0.92771,{"date":325,"score":197,"percentile":326},"2025-12-18",0.92772,{"date":328,"score":197,"percentile":329},"2025-12-19",0.92773,{"date":331,"score":197,"percentile":332},"2025-12-20",0.92769,{"date":334,"score":197,"percentile":335},"2025-12-21",0.92768,{"date":337,"score":197,"percentile":338},"2025-12-22",0.92764,{"date":340,"score":197,"percentile":341},"2025-12-23",0.92767,{"date":343,"score":197,"percentile":323},"2025-12-24",{"date":345,"score":197,"percentile":346},"2025-12-25",0.92774,{"date":348,"score":197,"percentile":323},"2025-12-26",{"date":350,"score":351,"percentile":352},"2025-12-27",0.04798,0.89188,{"date":354,"score":197,"percentile":341},"2025-12-28",{"date":356,"score":197,"percentile":320},"2025-12-29",{"date":358,"score":197,"percentile":341},"2025-12-30",{"date":360,"score":197,"percentile":346},"2025-12-31",{"date":362,"score":197,"percentile":363},"2026-01-01",0.92826,{"date":365,"score":197,"percentile":366},"2026-01-02",0.92819,{"date":368,"score":197,"percentile":369},"2026-01-03",0.92818,{"date":371,"score":197,"percentile":372},"2026-01-04",0.92776,{"date":374,"score":197,"percentile":375},"2026-01-05",0.92775,{"date":377,"score":197,"percentile":378},"2026-01-06",0.92778,{"date":380,"score":197,"percentile":381},"2026-01-07",0.92777,{"date":383,"score":197,"percentile":381},"2026-01-08",{"date":385,"score":197,"percentile":386},"2026-01-09",0.92781,{"date":388,"score":197,"percentile":389},"2026-01-10",0.92788,{"date":391,"score":197,"percentile":279},"2026-01-11",{"date":393,"score":197,"percentile":279},"2026-01-12",{"date":395,"score":197,"percentile":279},"2026-01-13",{"date":397,"score":119,"percentile":398},"2026-01-14",0.90852,{"date":400,"score":119,"percentile":401},"2026-01-15",0.90854,{"date":403,"score":119,"percentile":404},"2026-01-16",0.90858,{"date":406,"score":119,"percentile":407},"2026-01-17",0.9086,{"date":409,"score":119,"percentile":407},"2026-01-18",{"date":411,"score":119,"percentile":407},"2026-01-19",{"date":413,"score":119,"percentile":414},"2026-01-20",0.90862,{"date":416,"score":119,"percentile":417},"2026-01-21",0.90867,{"date":419,"score":119,"percentile":420},"2026-01-22",0.90868,{"date":422,"score":119,"percentile":423},"2026-01-23",0.90877,{"date":425,"score":119,"percentile":426},"2026-01-24",0.90885,{"date":428,"score":119,"percentile":429},"2026-01-25",0.90887,{"date":431,"score":119,"percentile":432},"2026-01-26",0.90888,{"date":434,"score":119,"percentile":435},"2026-01-27",0.9089,{"date":437,"score":119,"percentile":438},"2026-01-28",0.90895,{"date":440,"score":119,"percentile":441},"2026-01-29",0.90896,{"date":443,"score":119,"percentile":444},"2026-01-30",0.90894,{"date":446,"score":119,"percentile":441},"2026-01-31",{"date":448,"score":119,"percentile":449},"2026-02-01",0.90952,[451],{"source":123,"cvss_v2_0":452,"cvss_v3_0":457,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":453,"baseSeverity":9,"vectorString":454,"impactScore":455,"exploitabilityScore":456},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":121,"baseSeverity":458,"vectorString":124,"impactScore":121,"exploitabilityScore":456},"CRITICAL",[460],{"ecosystem":9,"name":461,"vendor":9,"product":461,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"PHP",[463,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541,543,545],{"version":464,"is_range":465,"range_type":466,"version_start":9,"version_start_type":9,"version_end":467,"version_end_type":468,"fixed_in":9},"lte5.5.37",true,"cpe","5.5.37","including",{"version":470,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:alpha1",{"version":472,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:alpha2",{"version":474,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:alpha3",{"version":476,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:alpha4",{"version":478,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:alpha5",{"version":480,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:beta1",{"version":482,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:beta2",{"version":484,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:beta3",{"version":486,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.0:beta4",{"version":488,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.1",{"version":490,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.2",{"version":492,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.3",{"version":494,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.4",{"version":496,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.5",{"version":498,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.6",{"version":500,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.7",{"version":502,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.8",{"version":504,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.9",{"version":506,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.10",{"version":508,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.11",{"version":510,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.12",{"version":512,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.13",{"version":514,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.14",{"version":516,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.15",{"version":518,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.16",{"version":520,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.17",{"version":522,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.18",{"version":524,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.19",{"version":526,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.20",{"version":528,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.21",{"version":530,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.22",{"version":532,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6.23",{"version":534,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0",{"version":536,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.1",{"version":538,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.2",{"version":540,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.3",{"version":542,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.4",{"version":544,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.5",{"version":546,"is_range":76,"range_type":466,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.8"]