FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-4566

This CVE name corresponds to:

Entered Topic
2012-01-11 php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-4566 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-4566
Phase Assigned(20111128)

Description

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

References

Source Reference
CONFIRM https://bugs.php.net/bug.php?id=60150
CONFIRM http://support.apple.com/kb/HT5281
APPLE APPLE-SA-2012-05-09-1
DEBIAN DSA-2399
MANDRIVA MDVSA-2011:197
REDHAT RHSA-2012:0019
REDHAT RHSA-2012:0071
SUSE openSUSE-SU-2012:0426
UBUNTU USN-1307-1
BID 50907
SECUNIA 48668
SECUNIA 47253
XF php-exifprocessifdtag-dos(71612)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.