Description

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

Remediation

References

CVE-2011-0708

Related Vulnerabilities

WordPress Plugin Gwolle Guestbook Multiple Vulnerabilities (2.1.0)

WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)

WordPress Plugin Sticky Menu, Sticky Header (or anything!) on Scroll Cross-Site Request Forgery (2.2)

WordPress Plugin Image Slider Cross-Site Scripting (1.1.5)

WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)

Severity

Medium

Classification

CVE-2011-0708 CWE-119

Tags

Missing Update Known Vulnerabilities