CVE-2014-3670

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.34 PHP versions 5.5.x prior to 5.5.18 PHP versions 5.6.x prior to 5.6.2

Description The issue is caused by a buffer overflow in the PHP language interpreter extension. It may allow a remote attacker to execute arbitrary code or cause a denial of service through a crafted JPEG image with TIFF thumbnail data. The exif ifd make value function in exif.c operates on floating-point arrays incorrectly, leading to heap memory corruption and application crash.

Recommendations For PHP versions prior to 5.4.34, update to version 5.4.34 or later. For PHP versions 5.5.x prior to 5.5.18, update to version 5.5.18 or later. For PHP versions 5.6.x prior to 5.6.2, update to version 5.6.2 or later. As a temporary workaround, consider restricting the handling of JPEG images with TIFF thumbnail data to minimize the risk of exploitation.