PT-2011-1236 · Php+2 · Php+2

Publicado

2011-03-19

Atualizado

2024-06-15

CVE-2011-0708

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.6

Description The issue is caused by an incorrect cast in the Exif extension, leading to a buffer over-read when processing a crafted Image File Directory (IFD) in an image. This allows remote attackers to cause a denial of service, resulting in an application crash. The vulnerability exists due to incorrect calculations in the exif.c file of the Exif extension in PHP.

Recommendations For versions prior to 5.3.6, update to version 5.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Exif extension until a patch is applied. Avoid using the Exif extension to process untrusted images until the issue is resolved.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2022-02608

CVE-2011-0708

DSA-2266-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2011:1423

RHSA-2011_1423

RHSA-2012:0033

RHSA-2012:0071

RHSA-2012_0033

RHSA-2012_0071

Produtos afetados

Php

Red Hat

Suse

PT-2011-1236 · Php+2 · Php+2

CVE-2011-0708

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 197