Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2011-4566
Last Modified 06 Nov 2012 12:03:59
Published 28 Nov 2011 07:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4566

Summary

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

Vulnerable Systems

Application

  • PHP 5.4.0


References

CONFIRM - https://bugs.php.net/bug.php?id=60150

XF - php-exifprocessifdtag-dos(71612)

BID - 50907

REDHAT - RHSA-2012:0019

DEBIAN - DSA-2399

CONFIRM - http://support.apple.com/kb/HT5281

APPLE - APPLE-SA-2012-05-09-1

SECUNIA - 48668

SUSE - openSUSE-SU-2012:0426

UBUNTU - USN-1307-1

SECUNIA - 47253

MANDRIVA - MDVSA-2011:197

REDHAT - RHSA-2012:0071

Related Patches

Apple 2012-05-09 Mac OS X 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X 10.7.4 Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Update

Red Hat 2012:0019-01 RHSA Moderate: php53 and php security update for RHEL 5 x86

Red Hat 2012:0019-01 RHSA Moderate: php53 and php security update for RHEL 5 x86_64

Red Hat 2012:0033-01 RHSA Moderate: php security update for RHEL 5 x86

Red Hat 2012:0033-01 RHSA Moderate: php security update for RHEL 5 x86_64

Red Hat 2012:0071-01 RHSA Moderate: php security update for RHEL 4 x86

Red Hat 2012:0071-01 RHSA Moderate: php security update for RHEL 4 x86_64

Novell SUSE 2012:5964 apache2-mod_php5 security update for SLES 11 SP1 x86_64

Novell SUSE 2012:5964 apache2-mod_php5 security update for SLES 11 SP1 i586


Last Updated: 27 May 2016 10:57:52