CVE-2009-2687

PHP < 5.2.10 - Denial of Service via Malformed JPEG Image in Exif Module

Title source: llm

Description

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

References (18)

Core 18

Core References

Broken Link vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/824-1/

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/55222

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37482

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40262

Exploit, Vendor Advisory x_refsource_confirm

http://bugs.php.net/bug.php?id=48378

Mailing List, Third Party Advisory vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=127680701405735&w=2

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:145

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1632

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6655

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36462

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2009/dsa-1940

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10695

Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35441

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:167

Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35440

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/51253

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

Patch, Vendor Advisory x_refsource_confirm

http://www.php.net/releases/5_2_10.php

Scores

EPSS 0.1009

EPSS Percentile 93.2%

Details

CWE

CWE-20

Status published

Products (4)

debian/debian_linux 4.0

debian/debian_linux 5.0

debian/debian_linux 6.0

php/php < 5.2.10

Published Aug 05, 2009

Tracked Since Feb 18, 2026