Unrated severityNVD Advisory· Published Aug 5, 2009· Updated Apr 23, 2026
CVE-2009-2687
CVE-2009-2687
Description
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Affected products
4cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- www.php.net/releases/5_2_10.phpnvdPatchVendor Advisory
- www.securityfocus.com/bid/35440nvdPatchThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2009/1632nvdPatchVendor Advisory
- bugs.php.net/bug.phpnvdExploitVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/35441nvdBroken LinkVendor Advisory
- www.debian.org/security/2009/dsa-1940nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/51253nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10695nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6655nvdThird Party Advisory
- osvdb.org/55222nvdBroken Link
- secunia.com/advisories/36462nvdBroken Link
- secunia.com/advisories/37482nvdBroken Link
- secunia.com/advisories/40262nvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- usn.ubuntu.com/824-1/nvdBroken Link
News mentions
0No linked articles in our index yet.