Affected Software : PHP <= 5.3.5 (Exif extension for 64bit platforms) Severity : Low Local/Remote : Remote Author : @_ikki, @paradoxengine (blog.nibblesec.org) PHP Exif extension allows developers to work with image metadata within their PHP code. For instance, using exif functions it is possible to read metadata from digital camera pictures. PHP Exif extension for 64bit platforms is affected by a casting vulnerability that occurs during the image header parsing. According to our preliminary analysis, exploitation of this flaw results in Denial of Service. This vulnerability affects PHP 5.3.5 and likely all previous versions. During our analysis, we have successfully tested our PoC against PHP 5.3.2, PHP 5.3.3 and the latest PHP release 5.3.5. Using the following configuration, a system is most likely vulnerable: (a) PHP 64bit version (b) PHP compiled with --enable-exif (c) memory_limit = -1 Fix is already applied in our 5.3 and trunk branches: http://svn.php.net/viewvc?view=revision&revision=308316 http://svn.php.net/viewvc?view=revision&revision=308317 Note for the distro maintainers, please hang on a bit before applying it, at least a couple of day to be sure that the fix covers all cases or do not break anything. Tests pass but we never know :) CVE Requested.
CVE-2011-0708 Assigned
*** This bug has been marked as a duplicate of bug 358791 ***
