Bug 20498 - PHP "exif_read_data()" Denial of Service
Summary: PHP "exif_read_data()" Denial of Service
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: php5-exif (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: http://bugs.php.net/bug.php?id=48378
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-06-19 18:11 MSD by Vladimir Lettiev
Modified: 2010-01-29 13:46 MSK (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-06-19 18:11:51 MSD 
There seems to be a problem in exif_read_data(), where some fields
representing offsets(?) are taken directly from the file without being
validated, resulting in a segmentation fault.

This bug fixed in 5.2.10: http://www.php.net/releases/5_2_10.php
Comment 1 Anton Farygin 2010-01-29 13:46:17 MSK 
php5-5.2.12 уже в Sisyphus.