CVE-2011-0708

Published: 19 March 2011

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream
Released (5.3.6)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=308316