Vigil@nce - PHP: denial of service via EXIF
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use an image with malformed EXIF data to crash
PHP applications.
Severity: 1/4
Creation date: 14/02/2011
IMPACTED PRODUCTS
– PHP
DESCRIPTION OF THE VULNERABILITY
The EXIF module of PHP decodes additional information contained in
JPEG images.
The exif_process_IFD_TAG() function of the ext/exif/exif.c file
decodes EXIF tags of type "identification". However, if the
"component" field is negative, the exif_process_IFD_TAG() function
tries to read at an invalid memory address, which causes a
segmentation fault.
An attacker can therefore use an image with malformed EXIF data
to crash PHP applications.
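The kind of bounds check that rejects such an entry before any value is read, as an added example (not PHP's code or its patch). It assumes the standard 12-byte little-endian IFD entry layout; ifd_value_span() and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

/* Bytes per component for EXIF/TIFF formats 1..12 (index 0 is unused). */
static const uint8_t FORMAT_SIZE[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static uint32_t rd_le(const uint8_t *p, int n) {   /* little-endian, n = 2 or 4 */
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* Validate the 12-byte IFD entry at entry_off inside buf[0..len).
 * Returns the value length in bytes and stores its start in *data_off,
 * or returns -1 if the entry would make a decoder read outside buf. */
int64_t ifd_value_span(const uint8_t *buf, size_t len, size_t entry_off, size_t *data_off)
{
    if (len < 12 || entry_off > len - 12)
        return -1;                                 /* entry itself is truncated */
    const uint8_t *e = buf + entry_off;
    uint32_t format = rd_le(e + 2, 2);
    uint32_t components = rd_le(e + 4, 4);
    if (format == 0 || format > 12)
        return -1;                                 /* unknown format code */
    if (components > INT32_MAX)
        return -1;                                 /* negative once stored in a signed int */
    uint64_t bytes = (uint64_t)components * FORMAT_SIZE[format];   /* cannot wrap */
    if (bytes > len)
        return -1;
    size_t off = entry_off + 8;                    /* values of <= 4 bytes are inline */
    if (bytes > 4) {
        off = rd_le(e + 8, 4);
        if (off > len - bytes)
            return -1;                             /* offset + length leaves the buffer */
    }
    if (data_off) *data_off = off;
    return (int64_t)bytes;
}

/* Constructed samples: tag 0x010F, one entry at offset 0, 8 value bytes at 12. */
const uint8_t SAMPLE_OK[20]   = {0x0F,0x01, 2,0, 8,0,0,0,             12,0,0,0, 'E','x','a','m','p','l','e',0};
const uint8_t SAMPLE_NEG[20]  = {0x0F,0x01, 2,0, 0xFF,0xFF,0xFF,0xFF, 12,0,0,0, 'E','x','a','m','p','l','e',0};
const uint8_t SAMPLE_WRAP[20] = {0x0F,0x01, 4,0, 1,0,0,0x40,          12,0,0,0, 'E','x','a','m','p','l','e',0};

int main(void) {   /* exit status 0 when all three samples classify as expected */
    return !(ifd_value_span(SAMPLE_OK, 20, 0, NULL) == 8 &&
             ifd_value_span(SAMPLE_NEG, 20, 0, NULL) == -1 &&
             ifd_value_span(SAMPLE_WRAP, 20, 0, NULL) == -1);
}
```

SAMPLE_WRAP covers a related case beyond the bulletin: a component count whose byte length would wrap to a small value in 32-bit arithmetic.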
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-denial-of-service-via-EXIF-10365