CVE-2011-0708
PHP < 5.3.6 - Denial of Service via Exif Image File Directory Buffer Over-read
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-0708. PoCs published by _ikki & paradoxengine.
AI-analyzed exploit summary This exploit demonstrates a 64-bit casting vulnerability in PHP's Exif extension (versions <= 5.3.5) that leads to a segmentation fault due to improper memory access during image header parsing. The PoC includes crafted JPEG images that trigger the vulnerability when processed by the Exif extension.
Description
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.
Exploits (1)
This exploit demonstrates a 64-bit casting vulnerability in PHP's Exif extension (versions <= 5.3.5) that leads to a segmentation fault due to improper memory access during image header parsing. The PoC includes crafted JPEG images that trigger the vulnerability when processed by the Exif extension.