PHP EXIF Header Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service. Impact Level: Application

Solution

Upgrade to PHP version 5.4.0 beta 4 or later. For updates refer to http://www.php.net/downloads.php

Insight

The flaw is due to an integer overflow error in 'exif_process_IFD_TAG' function in the 'ext/exif/exif.c' file, Allows remote attackers to cause denial of service via crafted offset_val value in an EXIF header.

Affected

PHP version 5.4.0 beta 2 on windows.

References

http://olex.openlogic.com/wazi/2011/php-5-4-0-medium/
https://bugs.php.net/bug.php?id=60150
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4566

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4566

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P

Related Vulnerabilities

AyeView GIF Image Handling Denial of Service Vulnerability
freeSSHd Pre-Authentication Error Remote DoS Vulnerability
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
BadBlue invalid GET DoS

PHP EXIF Header Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities