Fluid Attacks Database

Description

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	php53	<0:5.3.3-1.el5_7.3	0:5.3.3-1.el5_7.3
rpm rhel6	php	<0:5.3.3-3.el6_1.3	0:5.3.3-3.el6_1.3
rpm rhel5	php	<0:5.1.6-27.el5_7.4	0:5.1.6-27.el5_7.4

Aliases

1. CVE-2011-07082. NVD-2011-07083. OSV-2011-0708

References

1. https://www.exploit-db.com/exploits/16261

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.