CVE-2011-0708

PHP < 5.3.6 - Denial of Service via Exif Image File Directory Buffer Over-read

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0708. PoCs published by _ikki & paradoxengine.

AI-analyzed exploit summary This exploit demonstrates a 64-bit casting vulnerability in PHP's Exif extension (versions <= 5.3.5) that leads to a segmentation fault due to improper memory access during image header parsing. The PoC includes crafted JPEG images that trigger the vulnerability when processed by the Exif extension.

Description

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

Exploits (1)

exploitdb WORKING POC VERIFIED
by _ikki & paradoxengine · textdosmultiple
https://www.exploit-db.com/exploits/16261

This exploit demonstrates a 64-bit casting vulnerability in PHP's Exif extension (versions <= 5.3.5) that leads to a segmentation fault due to improper memory access during image header parsing. The PoC includes crafted JPEG images that trigger the vulnerability when processed by the Exif extension.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: PHP <= 5.3.5 (Exif extension for 64bit platforms)
No auth needed
Prerequisites: PHP 64-bit version · PHP compiled with --enable-exif · memory_limit = -1
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (25)

Core 25
Core References
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133469208622507&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0764
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16261/
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=680972
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2266
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0890
Release Notes x_refsource_confirm
http://www.php.net/releases/5_3_6.php
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Vendor Advisory x_refsource_confirm
http://www.php.net/archive/2011.php
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Various Sources x_refsource_confirm
http://bugs.php.net/bug.php?id=54002
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/16/7
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1423.html
Exploit mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/14/1
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8114
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46365
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0744
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0071.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002

Scores

EPSS 0.0983
EPSS Percentile 95.0%

Details

CWE
CWE-119
Status published
Products (45)
php/php 1.0
php/php 2.0
php/php 2.0b10
php/php 3.0
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
... and 35 more
Published Mar 20, 2011
Tracked Since Feb 18, 2026