|
|||
Rule General Information |
---|
Release Date: | 2014-12-24 | |
Rule Name: | PHP Exif Extension Exif_ifd_make_value Thumbnail Heap Buffer Overflow Vulnerability (CVE-2014-3670) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. | |
Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
Affected OS: | Windows, Other Unix, Linux | |
Reference: | SecurityFocusBID:70665 |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: http://git.php.net/?p=php-src.git |