|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-12-24 | |
| Rule Name: | PHP Exif Extension Exif_ifd_make_value Thumbnail Heap Buffer Overflow Vulnerability (CVE-2014-3670) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
| Affected OS: | Windows, Other Unix, Linux | |
| Reference: | SecurityFocusBID:70665 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://git.php.net/?p=php-src.git |