CVE-2011-4566

2011-11-2900:55:00

CWE-189

[email protected]

web.nvd.nist.gov

173

cve-2011-4566

integer overflow

exif_process_ifd_tag

php

remote attackers

memory locations

denial of service

crafted offset_val

exif header

jpeg file

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.882 High

EPSS

Percentile

98.6%

JSON

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

CPENameOperatorVersion
php:phpphpeq5.4.0
php:phpphplt5.3.9
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq7.0
debian:debian_linuxdebian debian linuxeq6.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04

CPE	Name	Operator	Version
php:php	php	eq	5.4.0
php:php	php	lt	5.3.9
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	7.0
debian:debian_linux	debian debian linux	eq	6.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04