
Test ID:
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: php5, php5-exif
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:


Integer overflow in the exif_process_IFD_TAG function in exif.c in the
exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote
attackers to read the contents of arbitrary memory locations or cause
a denial of service via a crafted offset_val value in an EXIF header
in a JPEG file, a different vulnerability than CVE-2011-0708.

PHP before 5.3.9 computes hash values for form parameters without
restricting the ability to trigger hash collisions predictably, which
allows remote attackers to cause a denial of service (CPU consumption)
by sending many crafted parameters.

Update your system with the appropriate patches or
software upgrades.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-4566
BugTraq ID: 50907
Debian Security Information: DSA-2399
RedHat Security Advisories: RHSA-2012:0071
SuSE Security Announcement: openSUSE-SU-2012:0426
XForce ISS Database: php-exifprocessifdtag-dos(71612)
Common Vulnerability Exposure (CVE) ID: CVE-2011-4885
BugTraq ID: 51193
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT/CC vulnerability note: VU#903934
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: HPSBOV02763
HPdes Security Advisory: HPSBUX02741
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100826
HPdes Security Advisory: SSRT100877
SuSE Security Announcement: SUSE-SU-2012:0411
XForce ISS Database: php-hash-dos(72021)
Copyright: Copyright (c) 2012 E-Soft Inc.
