CVE-2011-0708

Published: 19 March 2011

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian 		Upstream
Released (5.3.6)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=308316

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading