TROYANOSYVIRUS
Back to CVEs

CVE-2011-0708

N/A

Description

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

CVE Details

CVSS v3.1 ScoreN/A
Published3/20/2011
Last Modified4/29/2026
Sourcenvd
Honeypot Sightings0

Affected Products

php:php

Weaknesses (CWE)

CWE-119

References

http://bugs.php.net/bug.php?id=54002(secalert@redhat.com)
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html(secalert@redhat.com)
http://marc.info/?l=bugtraq&m=133469208622507&w=2(secalert@redhat.com)
http://openwall.com/lists/oss-security/2011/02/14/1(secalert@redhat.com)
http://openwall.com/lists/oss-security/2011/02/16/7(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2012-0071.html(secalert@redhat.com)
http://securityreason.com/securityalert/8114(secalert@redhat.com)
http://support.apple.com/kb/HT5002(secalert@redhat.com)
http://svn.php.net/viewvc?view=revision&revision=308316(secalert@redhat.com)
http://www.debian.org/security/2011/dsa-2266(secalert@redhat.com)
http://www.exploit-db.com/exploits/16261/(secalert@redhat.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052(secalert@redhat.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053(secalert@redhat.com)
http://www.php.net/ChangeLog-5.php(secalert@redhat.com)
http://www.php.net/archive/2011.php(secalert@redhat.com)
http://www.php.net/releases/5_3_6.php(secalert@redhat.com)
http://www.redhat.com/support/errata/RHSA-2011-1423.html(secalert@redhat.com)
http://www.securityfocus.com/bid/46365(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0744(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0764(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0890(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=680972(secalert@redhat.com)
http://bugs.php.net/bug.php?id=54002(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133469208622507&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/02/14/1(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/02/16/7(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0071.html(af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/8114(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT5002(af854a3a-2127-422b-91ae-364da2661108)
http://svn.php.net/viewvc?view=revision&revision=308316(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2266(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/16261/(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053(af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/ChangeLog-5.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/archive/2011.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/releases/5_3_6.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-1423.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46365(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0744(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0764(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0890(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=680972(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.