PT-2011-1236 · Php+2 · Php+2

Published

2011-03-19

Updated

2024-06-15

CVE-2011-0708

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.6

Description The issue is caused by an incorrect cast in the Exif extension, leading to a buffer over-read when processing a crafted Image File Directory (IFD) in an image. This allows remote attackers to cause a denial of service, resulting in an application crash. The vulnerability exists due to incorrect calculations in the exif.c file of the Exif extension in PHP.

Recommendations For versions prior to 5.3.6, update to version 5.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Exif extension until a patch is applied. Avoid using the Exif extension to process untrusted images until the issue is resolved.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2022-02608

CVE-2011-0708

DSA-2266-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2011:1423

RHSA-2011_1423

RHSA-2012:0033

RHSA-2012:0071

RHSA-2012_0033

RHSA-2012_0071

Affected Products

Php

Red Hat

Suse

PT-2011-1236 · Php+2 · Php+2

CVE-2011-0708

Weakness Enumeration

Related Identifiers

Affected Products

References · 197