CVE-2009-3292

NameCVE-2009-3292
DescriptionUnspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1940-1
NVD severityhigh

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5sourceetch5.2.0+dfsg-8+etch16DSA-1940-1
php5sourcelenny5.2.6.dfsg.1-1+lenny4DSA-1940-1
php5source(unstable)5.2.11.dfsg.1-1low

Notes

unknown impact, it is related to missing sanity checks
when determining the length of sections of jpg headers
a missing limit on the nesting level of TIFF files, and
missing EOF checks, possibly leading to NULL dereferences
experimental is likely to be affected (as of 5.3.0)

Search for package or bug name: Reporting problems