CVE-2009-2687

Name	CVE-2009-2687
Description	The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1940-1
Debian Bugs	535888, 535897

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
php4	source	(unstable)	(unfixed)	low		535897
php5	source	etch	5.2.0+dfsg-8+etch16		DSA-1940-1
php5	source	lenny	5.2.6.dfsg.1-1+lenny4		DSA-1940-1
php5	source	(unstable)	5.2.10.dfsg.1-2	low		535888

Notes

5.3.0 (in experimental) is not affected