You are here

CVE-2011-4566

Vincent (CVE) Danen's picture
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

Details Source

Mitre

Public Date

2011-10-27 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

Bugzilla ID

758 413

CVSS Status

verified

Base Score

5.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:N/A:P

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (php53) RHSA-2012:0019 2012-01-11
Red Hat Enterprise Linux 6 (php) RHSA-2012:0019 2012-01-11
Red Hat Enterprise Linux 5 (php) RHSA-2012:0033 2012-01-18
Red Hat Enterprise Linux 4 (php) RHSA-2012:0071 2012-01-30

CWE

CWE-190