ID CVE-2011-4566
Summary Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Per: https://bugs.php.net/bug.php?id=60150 'The bug is only present in 32 bits version.'
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.4.0:beta2:32-bit:*:*:*:*:*
    cpe:2.3:a:php:php:5.4.0:beta2:32-bit:*:*:*:*:*
CVSS
Base: 6.4 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2012:0019
  • rhsa
    id RHSA-2012:0071
rpms
  • php-0:5.3.3-3.el6_2.5
  • php-bcmath-0:5.3.3-3.el6_2.5
  • php-cli-0:5.3.3-3.el6_2.5
  • php-common-0:5.3.3-3.el6_2.5
  • php-dba-0:5.3.3-3.el6_2.5
  • php-debuginfo-0:5.3.3-3.el6_2.5
  • php-devel-0:5.3.3-3.el6_2.5
  • php-embedded-0:5.3.3-3.el6_2.5
  • php-enchant-0:5.3.3-3.el6_2.5
  • php-gd-0:5.3.3-3.el6_2.5
  • php-imap-0:5.3.3-3.el6_2.5
  • php-intl-0:5.3.3-3.el6_2.5
  • php-ldap-0:5.3.3-3.el6_2.5
  • php-mbstring-0:5.3.3-3.el6_2.5
  • php-mysql-0:5.3.3-3.el6_2.5
  • php-odbc-0:5.3.3-3.el6_2.5
  • php-pdo-0:5.3.3-3.el6_2.5
  • php-pgsql-0:5.3.3-3.el6_2.5
  • php-process-0:5.3.3-3.el6_2.5
  • php-pspell-0:5.3.3-3.el6_2.5
  • php-recode-0:5.3.3-3.el6_2.5
  • php-snmp-0:5.3.3-3.el6_2.5
  • php-soap-0:5.3.3-3.el6_2.5
  • php-tidy-0:5.3.3-3.el6_2.5
  • php-xml-0:5.3.3-3.el6_2.5
  • php-xmlrpc-0:5.3.3-3.el6_2.5
  • php-zts-0:5.3.3-3.el6_2.5
  • php53-0:5.3.3-1.el5_7.5
  • php53-bcmath-0:5.3.3-1.el5_7.5
  • php53-cli-0:5.3.3-1.el5_7.5
  • php53-common-0:5.3.3-1.el5_7.5
  • php53-dba-0:5.3.3-1.el5_7.5
  • php53-debuginfo-0:5.3.3-1.el5_7.5
  • php53-devel-0:5.3.3-1.el5_7.5
  • php53-gd-0:5.3.3-1.el5_7.5
  • php53-imap-0:5.3.3-1.el5_7.5
  • php53-intl-0:5.3.3-1.el5_7.5
  • php53-ldap-0:5.3.3-1.el5_7.5
  • php53-mbstring-0:5.3.3-1.el5_7.5
  • php53-mysql-0:5.3.3-1.el5_7.5
  • php53-odbc-0:5.3.3-1.el5_7.5
  • php53-pdo-0:5.3.3-1.el5_7.5
  • php53-pgsql-0:5.3.3-1.el5_7.5
  • php53-process-0:5.3.3-1.el5_7.5
  • php53-pspell-0:5.3.3-1.el5_7.5
  • php53-snmp-0:5.3.3-1.el5_7.5
  • php53-soap-0:5.3.3-1.el5_7.5
  • php53-xml-0:5.3.3-1.el5_7.5
  • php53-xmlrpc-0:5.3.3-1.el5_7.5
  • php-0:5.1.6-27.el5_7.4
  • php-bcmath-0:5.1.6-27.el5_7.4
  • php-cli-0:5.1.6-27.el5_7.4
  • php-common-0:5.1.6-27.el5_7.4
  • php-dba-0:5.1.6-27.el5_7.4
  • php-debuginfo-0:5.1.6-27.el5_7.4
  • php-devel-0:5.1.6-27.el5_7.4
  • php-gd-0:5.1.6-27.el5_7.4
  • php-imap-0:5.1.6-27.el5_7.4
  • php-ldap-0:5.1.6-27.el5_7.4
  • php-mbstring-0:5.1.6-27.el5_7.4
  • php-mysql-0:5.1.6-27.el5_7.4
  • php-ncurses-0:5.1.6-27.el5_7.4
  • php-odbc-0:5.1.6-27.el5_7.4
  • php-pdo-0:5.1.6-27.el5_7.4
  • php-pgsql-0:5.1.6-27.el5_7.4
  • php-snmp-0:5.1.6-27.el5_7.4
  • php-soap-0:5.1.6-27.el5_7.4
  • php-xml-0:5.1.6-27.el5_7.4
  • php-xmlrpc-0:5.1.6-27.el5_7.4
  • php-0:4.3.9-3.35
  • php-debuginfo-0:4.3.9-3.35
  • php-devel-0:4.3.9-3.35
  • php-domxml-0:4.3.9-3.35
  • php-gd-0:4.3.9-3.35
  • php-imap-0:4.3.9-3.35
  • php-ldap-0:4.3.9-3.35
  • php-mbstring-0:4.3.9-3.35
  • php-mysql-0:4.3.9-3.35
  • php-ncurses-0:4.3.9-3.35
  • php-odbc-0:4.3.9-3.35
  • php-pear-0:4.3.9-3.35
  • php-pgsql-0:4.3.9-3.35
  • php-snmp-0:4.3.9-3.35
  • php-xmlrpc-0:4.3.9-3.35
refmap via4
apple APPLE-SA-2012-05-09-1
bid 50907
confirm
debian DSA-2399
mandriva MDVSA-2011:197
secunia
  • 47253
  • 48668
suse openSUSE-SU-2012:0426
ubuntu USN-1307-1
xf php-exifprocessifdtag-dos(71612)
Last major update 29-08-2017 - 01:30
Published 29-11-2011 - 00:55
Last modified 29-08-2017 - 01:30
Back to Top