mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-26 01:07:59 +02:00
0xMarcio
1.4 KiB
1.4 KiB
CVE-2011-0708
Description
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.
POC
Reference
- http://bugs.php.net/bug.php?id=54002
- http://bugs.php.net/bug.php?id=54002
- http://openwall.com/lists/oss-security/2011/02/14/1
- http://openwall.com/lists/oss-security/2011/02/14/1
- http://openwall.com/lists/oss-security/2011/02/16/7
- http://openwall.com/lists/oss-security/2011/02/16/7
- http://securityreason.com/securityalert/8114
- http://securityreason.com/securityalert/8114
- http://www.exploit-db.com/exploits/16261/
- http://www.exploit-db.com/exploits/16261/
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052