Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 5.3.0 (including) | 5.3.9 (excluding) |
| Php | Php | 5.4.0-beta2 (including) | 5.4.0-beta2 (including) |
| Red Hat Enterprise Linux 4 | RedHat | php-0:4.3.9-3.35 | * |
| Red Hat Enterprise Linux 5 | RedHat | php53-0:5.3.3-1.el5_7.5 | * |
| Red Hat Enterprise Linux 5 | RedHat | php-0:5.1.6-27.el5_7.4 | * |
| Red Hat Enterprise Linux 6 | RedHat | php-0:5.3.3-3.el6_2.5 | * |
| Php5 | Ubuntu | devel | * |
| Php5 | Ubuntu | hardy | * |
| Php5 | Ubuntu | lucid | * |
| Php5 | Ubuntu | maverick | * |
| Php5 | Ubuntu | natty | * |
| Php5 | Ubuntu | oneiric | * |