Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 396533 (CVE-2011-4566) - <dev-lang/php-5.3.9 Integer overflow in the exif_process_IFD_TAG function Information Leak or DoS (CVE-2011-4566)
Summary: <dev-lang/php-5.3.9 Integer overflow in the exif_process_IFD_TAG function Inf...
Status: RESOLVED FIXED
Alias: CVE-2011-4566
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.mandriva.com/en/support/se...
Whiteboard: B3 [glsa]
Keywords:
Depends on: CVE-2011-3379
Blocks:
  Show dependency tree
 
Reported: 2011-12-30 17:07 UTC by Michael Harrison
Modified: 2012-09-24 00:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2011-12-30 17:07:44 UTC
Integer overflow in the exif_process_IFD_TAG function in exif.c
in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows
remote attackers to read the contents of arbitrary memory locations or
cause a denial of service via a crafted offset_val value in an EXIF
header in a JPEG file.
Comment 1 Agostino Sarubbo gentoo-dev 2012-01-11 22:52:46 UTC
Fixed in 5.3.9
Comment 2 Agostino Sarubbo gentoo-dev 2012-01-17 09:03:30 UTC
Added to existing glsa request
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-02-21 04:11:53 UTC
CVE-2011-4566 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566):
  Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif
  extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to
  read the contents of arbitrary memory locations or cause a denial of service
  via a crafted offset_val value in an EXIF header in a JPEG file, a different
  vulnerability than CVE-2011-0708.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 00:27:29 UTC
This issue was resolved and addressed in
 GLSA 201209-03 at http://security.gentoo.org/glsa/glsa-201209-03.xml
by GLSA coordinator Sean Amoss (ackle).