Summary
PHP is prone to a denial-of-service vulnerability in its exif_read_data()' function.
Successful exploits may allow remote attackers to cause denial-of- service conditions in applications that use the vulnerable function.
Versions prior to PHP 5.2.10 are affected.
Solution
Updates are available. Please see the references for more information.
References
- http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0339.html
- http://lists.debian.org/debian-security-announce/2009/msg00263.html
- http://support.avaya.com/css/P8/documents/100072880
- http://www.php.net/
- http://www.php.net/releases/5_2_10.php
- http://www.securityfocus.com/bid/35440
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-2687 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities