4.3
CVE-2009-2687
- EPSS 4.38%
- Veröffentlicht 05.08.2009 19:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:00
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.38% | 0.9 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://bugs.php.net/bug.php?id=48378
http://marc.info/?l=bugtraq&m=127680701405735&w=2
http://osvdb.org/55222
http://secunia.com/advisories/35441
http://secunia.com/advisories/36462
http://secunia.com/advisories/37482
http://secunia.com/advisories/40262
http://www.debian.org/security/2009/dsa-1940
http://www.mandriva.com/security/advisories?name=MDVSA-2009:145
http://www.mandriva.com/security/advisories?name=MDVSA-2009:167
http://www.php.net/releases/5_2_10.php
http://www.securityfocus.com/bid/35440
http://www.vupen.com/english/advisories/2009/1632
https://exchange.xforce.ibmcloud.com/vulnerabilities/51253
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6655
https://usn.ubuntu.com/824-1/