20192108 problem in UTILITY/PHP
20231115 problem in UTILITY/PHP
20936509 problem in UTILITY/PHP
20804024 problem in UTILITY/PHP
20804061 problem in UTILITY/PHP
20804135 problem in UTILITY/PHP
20804363 problem in UTILITY/PHP
20804424 problem in UTILITY/PHP
20433657 problem in UTILITY/PHP
20803998 problem in UTILITY/PHP
20804391 problem in UTILITY/PHP
CVE-2014-3670
Community BUG:
https://bugs.php.net/bug.php?id=68113
Community CODE:
http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b
Below is the community patch.
Not including the test files at the moment:
ext/exif/tests/bug68113.jpg
ext/exif/tests/bug68113.phpt
because our version of gpatch doesn't understand the git binary data file.
From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <[email protected]>
Date: Sun, 28 Sep 2014 16:57:42 -0700
Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail())
---
ext/exif/exif.c | 4 ++--
ext/exif/tests/bug68113.jpg | Bin 0 -> 368 bytes
ext/exif/tests/bug68113.phpt | 17 +++++++++++++++++
3 files changed, 19 insertions(+), 2 deletions(-)
create mode 100755 ext/exif/tests/bug68113.jpg
create mode 100644 ext/exif/tests/bug68113.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 38907b4..637ebf9 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2426,11 +2426,11 @@ static void* exif_ifd_make_value(image_info_data *info_data, int motorola_intel
data_ptr += 8;
break;
case TAG_FMT_SINGLE:
- memmove(data_ptr, &info_data->value.f, byte_count);
+ memmove(data_ptr, &info_value->f, 4);
data_ptr += 4;
break;
case TAG_FMT_DOUBLE:
- memmove(data_ptr, &info_data->value.d, byte_count);
+ memmove(data_ptr, &info_value->d, 8);
data_ptr += 8;
break;
}