CVE-2009-2687

Published: 05/08/2009 Updated: 19/01/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The exif_read_data function in the Exif module in PHP prior to 5.2.10 allows remote malicious users to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

Vulnerable Product

php php

debian debian linux 5.0

debian debian linux 4.0

debian debian linux 6.0

Vendor Advisories

Synopsis: Moderate: php security update. Type/Severity: Security Advisory: Moderate. Topic: Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...
It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service ...
Debian Bug report logs - #540605 php5: memory disclosure Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmail.com> Date: Sun, 9 Aug 2009 04:30:04 UTC Severity ...
Debian Bug report logs - #535888 php: segfaults on corrupted jpeg files Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmail.com> Date: Sun, 5 Jul 2009 19:57:0 ...