PDA

View Full Version : Security Announcement: PhotoPost Immune from EXIF PHP Security Flaw


Michael P
December 22nd, 2004, 08:10 AM
There is serious security exploit floating about the Internet concerning the parsing of image EXIF data by PHP driven webapps. The result can be a stack overflow, thus allowing abitrary code execution on some operating systems.

Look for CAN-2004-1065 at this link for more info:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141132

However, PhotoPost users are immune from this security flaw because we do not use PHP's exif extractor to obtain EXIF information from an image (its been unreliable for a long time).