CVE-2009-2687

Priority
Medium
Description
The exif_read_data function in the Exif module in PHP before 5.2.10 allows
remote attackers to cause a denial of service (crash) via a malformed JPEG
image with invalid offset fields, a different issue than CVE-2005-3353.
References
Bugs
Notes
 mdeslaur> PoC in php bug
Package
Source: php4 (LP Ubuntu Debian)
Upstream: needs-triage
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.2.10.dfsg.1-1)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=281307
Upstream: http://svn.php.net/viewvc?view=revision&revision=281314 (5.2)
Vendor: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=8615d344b20548e27ffbddd78e303af8c9a90859
More Information


Updated: 2015-07-29 20:36:22 UTC (commit 9756)