Published: 29/11/2011 Updated: 29/08/2022

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote malicious users to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.4.0
php php
debian debian linux 5.0
debian debian linux 7.0
debian debian linux 6.0
canonical ubuntu linux 10.10
canonical ubuntu linux 11.04
canonical ubuntu linux 11.10
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04

PHP could be made to crash or disclose sensitive information if it processed a specially crafted image file ...

Debian Bug report logs - #656308 CVE-2012-0057: XSLT file writing vulnerability Package: src:php5; Maintainer for src:php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Wed, 18 Jan 2012 10:36:01 UTC Severity: grave Tags: patch, security, up ...

Synopsis Moderate: php security update Type/Severity Security Advisory: Moderate Topic Updated php packages that fix several security issues are now available forRed Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Scorin ...

Synopsis Moderate: php security update Type/Severity Security Advisory: Moderate Topic Updated php packages that fix several security issues are now available forRed Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Scorin ...

Synopsis Moderate: php53 and php security update Type/Severity Security Advisory: Moderate Topic Updated php53 and php packages that fix two security issues are nowavailable for Red Hat Enterprise Linux 5 and 6 respectivelyThe Red Hat Security Response Team has rated this update as having moderatesecurity ...

Several vulnerabilities have been discovered in PHP, the web scripting language The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit ...

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed This flaw has been mitigated by adding a new configuration directive, max_input_vars, th ...

CWE-189 https://bugs.php.net/bug.php?id=60150 http://www.securityfocus.com/bid/50907 http://www.redhat.com/support/errata/RHSA-2012-0019.html http://www.debian.org/security/2012/dsa-2399 http://support.apple.com/kb/HT5281 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://secunia.com/advisories/48668 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://secunia.com/advisories/47253 http://rhn.redhat.com/errata/RHSA-2012-0071.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 https://www.ubuntu.com/usn/USN-1307-1/https://exchange.xforce.ibmcloud.com/vulnerabilities/71612 https://usn.ubuntu.com/1307-1/https://nvd.nist.gov

CVE-2011-4566

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect