// For flags

CVE-2014-3670

php: heap corruption issue in exif_thumbnail()

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.

La función exif_ifd_make_value en exif.c en la extensión EXIF en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 opera sobre arrays de punto flotante incorrectamente, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica y caída de aplicación) o posiblemente ejecutar código arbitrario a través de un imagen JPEG manipulado con datos 'thumbnail' TIFF que son manejados indebidamente por la función exif_thumbnail.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-10-24 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-10-27 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (27)
URL Tag Source
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1767.html X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1768.html X_refsource_confirm
http://php.net/ChangeLog-5.php X_refsource_confirm
http://secunia.com/advisories/59967 Third Party Advisory
http://secunia.com/advisories/60630 Third Party Advisory
http://secunia.com/advisories/60699 Third Party Advisory
http://secunia.com/advisories/61763 Third Party Advisory
http://secunia.com/advisories/61970 Third Party Advisory
http://secunia.com/advisories/61982 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html X_refsource_confirm
http://www.securityfocus.com/bid/70665 Vdb Entry
https://support.apple.com/HT204659 X_refsource_confirm
URL Date SRC
https://bugs.php.net/bug.php?id=68113 2024-08-06
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1765.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1766.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1767.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1768.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1824.html 2023-11-07
http://www.debian.org/security/2014/dsa-3064 2023-11-07
http://www.ubuntu.com/usn/USN-2391-1 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1154502 2015-01-08
https://access.redhat.com/security/cve/CVE-2014-3670 2015-01-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 <= 5.4.33
Search vendor "Php" for product "Php" and version " <= 5.4.33"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.0
Search vendor "Php" for product "Php" and version "5.4.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.1
Search vendor "Php" for product "Php" and version "5.4.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.2
Search vendor "Php" for product "Php" and version "5.4.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.3
Search vendor "Php" for product "Php" and version "5.4.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.4
Search vendor "Php" for product "Php" and version "5.4.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.5
Search vendor "Php" for product "Php" and version "5.4.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.6
Search vendor "Php" for product "Php" and version "5.4.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.7
Search vendor "Php" for product "Php" and version "5.4.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.8
Search vendor "Php" for product "Php" and version "5.4.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.9
Search vendor "Php" for product "Php" and version "5.4.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.10
Search vendor "Php" for product "Php" and version "5.4.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.11
Search vendor "Php" for product "Php" and version "5.4.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.12
Search vendor "Php" for product "Php" and version "5.4.12"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.12
Search vendor "Php" for product "Php" and version "5.4.12"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.12
Search vendor "Php" for product "Php" and version "5.4.12"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.13
Search vendor "Php" for product "Php" and version "5.4.13"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.13
Search vendor "Php" for product "Php" and version "5.4.13"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.14
Search vendor "Php" for product "Php" and version "5.4.14"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.14
Search vendor "Php" for product "Php" and version "5.4.14"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.15
Search vendor "Php" for product "Php" and version "5.4.15"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.16
Search vendor "Php" for product "Php" and version "5.4.16"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.17
Search vendor "Php" for product "Php" and version "5.4.17"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.18
Search vendor "Php" for product "Php" and version "5.4.18"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.19
Search vendor "Php" for product "Php" and version "5.4.19"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.20
Search vendor "Php" for product "Php" and version "5.4.20"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.21
Search vendor "Php" for product "Php" and version "5.4.21"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.22
Search vendor "Php" for product "Php" and version "5.4.22"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.23
Search vendor "Php" for product "Php" and version "5.4.23"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.24
Search vendor "Php" for product "Php" and version "5.4.24"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.25
Search vendor "Php" for product "Php" and version "5.4.25"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.26
Search vendor "Php" for product "Php" and version "5.4.26"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.27
Search vendor "Php" for product "Php" and version "5.4.27"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.28
Search vendor "Php" for product "Php" and version "5.4.28"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.29
Search vendor "Php" for product "Php" and version "5.4.29"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.30
Search vendor "Php" for product "Php" and version "5.4.30"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.31
Search vendor "Php" for product "Php" and version "5.4.31"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.32
Search vendor "Php" for product "Php" and version "5.4.32"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha5
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha6
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.1
Search vendor "Php" for product "Php" and version "5.5.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.2
Search vendor "Php" for product "Php" and version "5.5.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.3
Search vendor "Php" for product "Php" and version "5.5.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.4
Search vendor "Php" for product "Php" and version "5.5.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.5
Search vendor "Php" for product "Php" and version "5.5.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.6
Search vendor "Php" for product "Php" and version "5.5.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.7
Search vendor "Php" for product "Php" and version "5.5.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.8
Search vendor "Php" for product "Php" and version "5.5.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.9
Search vendor "Php" for product "Php" and version "5.5.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.10
Search vendor "Php" for product "Php" and version "5.5.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.11
Search vendor "Php" for product "Php" and version "5.5.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.12
Search vendor "Php" for product "Php" and version "5.5.12"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.13
Search vendor "Php" for product "Php" and version "5.5.13"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.14
Search vendor "Php" for product "Php" and version "5.5.14"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.15
Search vendor "Php" for product "Php" and version "5.5.15"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.16
Search vendor "Php" for product "Php" and version "5.5.16"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.17
Search vendor "Php" for product "Php" and version "5.5.17"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.1
Search vendor "Php" for product "Php" and version "5.6.1"
-
Affected