VYPR
Unrated severityNVD Advisory· Published Nov 29, 2011· Updated Jun 16, 2026

CVE-2011-4566

CVE-2011-4566

Description

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • PHP/PHP3 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=5.3.0,<5.3.9
    • cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:*
    • (no CPE)range: = 5.4.0beta2
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • osv-coords3 versions
    < 5.6.28-1.1+ 2 more
    • (no CPE)range: < 5.6.28-1.1
    • (no CPE)range: < 7.0.14-1.4
    • (no CPE)range: < 8.0.11-1.1

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.