PHP 'exif_thumbnail()' Function Heap Based Buffer Overflow Vulnerability

Bugtraq ID: 70665
Class: Boundary Condition Error
CVE: CVE-2014-3670
Remote: Yes
Local: No
Published: Oct 16 2014 12:00AM
Updated: May 07 2015 05:33PM
Credit: Otto Ebeling
Vulnerable: Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.0
Redhat Enterprise Linux Server Optional EUS 6.5
Redhat Enterprise Linux Server EUS 6.5
Redhat Enterprise Linux HPC Node EUS 6.5
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Compute Node Optional EUS 6.5
Redhat Enterprise Linux 5 Server
PHP PHP 5.6.1
PHP PHP 5.5.14
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 5.5.13
PHP PHP 5.5.12
PHP PHP 5.5.11
PHP PHP 5.5.10
PHP PHP 5.5.5
PHP PHP 5.5.4
PHP PHP 5.5.3
PHP PHP 5.5.1
PHP PHP 5.5
PHP PHP 5.4.30
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 5.4.29
PHP PHP 5.4.26
PHP PHP 5.4.25
PHP PHP 5.4.17
PHP PHP 5.4.14
PHP PHP 5.4.8
PHP PHP 5.4.7
PHP PHP 5.4.6
PHP PHP 5.4.4
PHP PHP 5.4.3
PHP PHP 5.4.2
PHP PHP 5.4.1
PHP PHP 5.6
PHP PHP 5.5.9
PHP PHP 5.5.8
PHP PHP 5.5.7
PHP PHP 5.5.2
PHP PHP 5.5.17
PHP PHP 5.5.16
PHP PHP 5.5.15
PHP PHP 5.4.9
PHP PHP 5.4.5
PHP PHP 5.4.33
PHP PHP 5.4.32
PHP PHP 5.4.31
PHP PHP 5.4.28
PHP PHP 5.4.27
PHP PHP 5.4.24
PHP PHP 5.4.23
PHP PHP 5.4.22
PHP PHP 5.4.21
PHP PHP 5.4.20
PHP PHP 5.4.19
PHP PHP 5.4.18
PHP PHP 5.4.16
PHP PHP 5.4.15
PHP PHP 5.4.13
PHP PHP 5.4.12
PHP PHP 5.4.11
PHP PHP 5.4.10
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Oracle Enterprise Linux 5
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6
CentOS CentOS 5
Apple Mac OS X 10.9.5
Apple Mac OS X 10.8.5
Apple Mac OS X 10.10.2
Apple Mac OS X 10.10.1
Apple Mac OS X 10.10
Not Vulnerable: PHP PHP 5.6.2
PHP PHP 5.5.18
PHP PHP 5.4.34
Apple Mac OS X 10.10.3


 
