#VU45193 Out-of-bounds read in PHP - CVE-2011-0708
Vulnerability identifier: #VU45193
Vulnerability risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
PHP
Universal components / Libraries /
Scripting languages
Vendor: PHP Group
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which. A remote attacker can perform a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
PHP: 1.0, 2.0b10, 2.0, 3.0 - 3.0.18, 4.0 - 4.0.7, 4.1.0 - 4.1.2, 4.2.0 - 4.2.3, 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.4
External links
https://bugs.php.net/bug.php?id=54002
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
https://marc.info/?l=bugtraq&m=133469208622507&w=2
https://openwall.com/lists/oss-security/2011/02/14/1
https://openwall.com/lists/oss-security/2011/02/16/7
https://rhn.redhat.com/errata/RHSA-2012-0071.html
https://securityreason.com/securityalert/8114
https://support.apple.com/kb/HT5002
https://svn.php.net/viewvc?view=revision&revision=308316
https://www.debian.org/security/2011/dsa-2266
https://www.exploit-db.com/exploits/16261/
https://www.mandriva.com/security/advisories?name=MDVSA-2011:052
https://www.mandriva.com/security/advisories?name=MDVSA-2011:053
https://www.php.net/archive/2011.php
https://www.php.net/ChangeLog-5.php
https://www.php.net/releases/5_3_6.php
https://www.redhat.com/support/errata/RHSA-2011-1423.html
https://www.securityfocus.com/bid/46365
https://www.vupen.com/english/advisories/2011/0744
https://www.vupen.com/english/advisories/2011/0764
https://www.vupen.com/english/advisories/2011/0890
https://bugzilla.redhat.com/show_bug.cgi?id=680972
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
