CVE-2014-3670
published 2014-10-29CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point…
PriorityP345medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
22.63%
97.4th percentile
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
Affected
56 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| php | php | <= 5.4.33 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
php5 vulnerabilities
vendor_ubuntu·2014-10-30·CVSS 5.0
CVE-2014-3668 [MEDIUM] php5 vulnerabilities
Title: php5 vulnerabilities
Summary: Several security issues were fixed in PHP.
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime
function. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing
objects. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail
function. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo
exten
Red Hat
php: heap corruption issue in exif_thumbnail()
vendor_redhat·2014-10-14·CVSS 6.8
CVE-2014-3670 [MEDIUM] php: heap corruption issue in exif_thumbnail()
php: heap corruption issue in exif_thumbnail()
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
Apple
CVE-2014-3670: OS X Yosemite v10.10.3 and Security Update 2015-004
vendor_apple·CVSS 6.8
CVE-2014-3670 [MEDIUM] CVE-2014-3670: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple Security Update: About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004
Product: OS X Yosemite v10.10.3 and Security Update 2015-004
CVE: CVE-2014-3670
Component: CVE-2014-3670
GHSA
GHSA-r6jr-5phj-2qqh: The exif_ifd_make_value function in exif
ghsa_unreviewed·2022-05-17
CVE-2014-3670 [MEDIUM] CWE-119 GHSA-r6jr-5phj-2qqh: The exif_ifd_make_value function in exif
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
OSV
php5 vulnerabilities
osv·2014-10-30·CVSS 5.0
CVE-2014-3668 [MEDIUM] php5 vulnerabilities
php5 vulnerabilities
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime
function. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing
objects. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail
function. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo
extension. A remote attacker could possibly use this issue to cau
OSV
CVE-2014-3670: The exif_ifd_make_value function in exif
osv·2014-10-29·CVSS 6.8
CVE-2014-3670 [MEDIUM] CVE-2014-3670: The exif_ifd_make_value function in exif
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
bugzilla·2014-10-20·CVSS 6.8
CVE-2014-3670 [MEDIUM] CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code.
This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.
References:
http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b
https://bugs.php.net/bug.php?id=68113
http://php.net/ChangeLog-5.php
Discussion:
IssueDescription:
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
---
Th
Tenable
[R3] SecurityCenter 4.8.2 Fixes Third-party Library Vulnerability
blogs_tenable·2014-11-05
[R3] SecurityCenter 4.8.2 Fixes Third-party Library Vulnerability
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409bhttp://linux.oracle.com/errata/ELSA-2014-1767.htmlhttp://linux.oracle.com/errata/ELSA-2014-1768.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlhttp://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1767.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1768.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1824.htmlhttp://secunia.com/advisories/59967http://secunia.com/advisories/60630http://secunia.com/advisories/60699http://secunia.com/advisories/61763http://secunia.com/advisories/61970http://secunia.com/advisories/61982http://www.debian.org/security/2014/dsa-3064http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.securityfocus.com/bid/70665http://www.ubuntu.com/usn/USN-2391-1https://bugs.php.net/bug.php?id=68113https://bugzilla.redhat.com/show_bug.cgi?id=1154502https://support.apple.com/HT204659http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409bhttp://linux.oracle.com/errata/ELSA-2014-1767.htmlhttp://linux.oracle.com/errata/ELSA-2014-1768.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlhttp://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1767.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1768.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1824.htmlhttp://secunia.com/advisories/59967http://secunia.com/advisories/60630http://secunia.com/advisories/60699http://secunia.com/advisories/61763http://secunia.com/advisories/61970http://secunia.com/advisories/61982http://www.debian.org/security/2014/dsa-3064http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.securityfocus.com/bid/70665http://www.ubuntu.com/usn/USN-2391-1https://bugs.php.net/bug.php?id=68113https://bugzilla.redhat.com/show_bug.cgi?id=1154502https://support.apple.com/HT204659
2014-10-29
Published