PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability Network Vulnerability

Summary

PHP is prone to a denial-of-service vulnerability in its exif_read_data()' function. Successful exploits may allow remote attackers to cause denial-of- service conditions in applications that use the vulnerable function. Versions prior to PHP 5.2.10 are affected.

Solution

Updates are available. Please see the references for more information.

References

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0339.html
http://lists.debian.org/debian-security-announce/2009/msg00263.html
http://support.avaya.com/css/P8/documents/100072880
http://www.php.net/
http://www.php.net/releases/5_2_10.php
http://www.securityfocus.com/bid/35440

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2687

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe JRun Management Console Multiple Vulnerabilities
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability

Take action and discover your vulnerabilities