{"alias":[],"description":"exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.","epss":{"percentile":"0.94935","score":"0.164780"},"id":"CVE-2011-0708","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"MEDIUM","access_vector":"NETWORK","authentication":"NONE","availability_impact":"PARTIAL","base_score":4.3,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":8.6,"impact_score":2.9,"integrity_impact":"NONE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":1,"vector_string":"AV:N\/AC:M\/Au:N\/C:N\/I:N\/A:P","version":"2.0"}},"modified":"2026-04-29T01:13:23","nvd_status":"Modified","published":"2011-03-20T02:00:03","score":4.3,"severity":"MEDIUM","source":"secalert@redhat.com","status":"PUBLISHED","weaknesses":[{"id":"CWE-119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","type":"weakness"}]}