
Bug 354875 (CVE-2011-0708)

Summary: dev-lang/php: exif module 64bit casting vulnerability (CVE-2011-0708)
Product: Gentoo Security
Reporter: Yury German <blueknight>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: minor
CC: php-bugs
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://seclists.org/oss-sec/2011/q1/192
Whiteboard: B3 [upstream/ebuild]
Package list:
Runtime testing required: ---

Description Yury German Gentoo Infrastructure gentoo-dev 2011-02-14 14:46:37 UTC
Affected Software : PHP <= 5.3.5 (Exif extension for 64bit platforms)
Severity          : Low
Local/Remote      : Remote
Author            : @_ikki, @paradoxengine (blog.nibblesec.org)

PHP Exif extension allows developers to work with image metadata
within their PHP code. For instance, using exif functions it is possible
to read metadata from digital camera pictures.

PHP Exif extension for 64bit platforms is affected by a casting
vulnerability that occurs during the image header parsing.
According to our preliminary analysis, exploitation of this flaw results
in Denial of Service.

This vulnerability affects PHP 5.3.5 and likely all previous versions.
During our analysis, we have successfully tested our PoC against PHP
5.3.2, PHP 5.3.3 and the latest PHP release 5.3.5.

Using the following configuration, a system is most likely vulnerable:
 (a) PHP 64bit version
 (b) PHP compiled with --enable-exif
 (c) memory_limit = -1
Fix is already applied in our 5.3 and trunk branches:

http://svn.php.net/viewvc?view=revision&revision=308316
http://svn.php.net/viewvc?view=revision&revision=308317

Note for the distro maintainers, please hang on a bit before applying
it, at least a couple of days to be sure that the fix covers all cases
or does not break anything. Tests pass but we never know :)

CVE Requested.
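An audit helper for the three exposure conditions listed in the advisory above (64-bit build, exif enabled, memory_limit = -1) together with the stated affected range (PHP <= 5.3.5). This is added example code, not part of the advisory, the Gentoo bug or the PHP project; the function names `version_le`, `php_exif_exposed` and `probe_local_php` are assumed, and PHP_INT_SIZE is used as the 64-bit indicator.

```shell
#!/bin/sh
# Added audit helper for the exposure conditions in the advisory (assumed names).

# version_le A B: exit 0 when dotted version A <= B (numeric, first 3 parts).
version_le() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//').0.0   # strip suffixes, pad parts
    w=$(printf '%s' "$2" | sed 's/[^0-9.].*//').0.0
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$v" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$w" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# php_exif_exposed VERSION INT_SIZE EXIF_LOADED MEMORY_LIMIT
#   VERSION      PHP_VERSION string, e.g. 5.3.5
#   INT_SIZE     PHP_INT_SIZE (8 on a 64-bit build, 4 on a 32-bit build)
#   EXIF_LOADED  1 if extension_loaded('exif'), else 0
#   MEMORY_LIMIT value of the memory_limit ini setting
# Exit 0 only when every condition from the advisory holds, 1 otherwise.
php_exif_exposed() {
    version_le "$1" "5.3.5" || return 1   # (affected range) PHP <= 5.3.5
    [ "$2" -eq 8 ] || return 1            # (a) 64-bit PHP build
    [ "$3" -eq 1 ] || return 1            # (b) exif extension present
    [ "$4" = "-1" ] || return 1           # (c) memory_limit = -1 (unlimited)
    return 0
}

# probe_local_php: collect the four values from the php binary on PATH, if any.
probe_local_php() {
    command -v php >/dev/null 2>&1 || { echo "php not found on PATH" >&2; return 2; }
    ver=$(php -r 'echo PHP_VERSION;')
    isz=$(php -r 'echo PHP_INT_SIZE;')
    exf=$(php -r 'echo extension_loaded("exif") ? 1 : 0;')
    mem=$(php -r 'echo ini_get("memory_limit");')
    if php_exif_exposed "$ver" "$isz" "$exf" "$mem"; then
        echo "EXPOSED: PHP $ver, 64-bit, exif loaded, memory_limit=$mem"
        return 0
    fi
    echo "not matching: PHP $ver, PHP_INT_SIZE=$isz, exif=$exf, memory_limit=$mem"
    return 1
}
```

`php -r` reads the CLI php.ini, so memory_limit may differ from the web SAPI's value; check the ini used by the web server (or `phpinfo()` output) to be sure.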
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2011-02-17 05:14:39 UTC
CVE-2011-0708 Assigned
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-03-19 23:13:40 UTC

*** This bug has been marked as a duplicate of bug 358791 ***