View Full Version : Security Announcement: PhotoPost Immune from EXIF PHP Security Flaw

Michael P
December 22nd, 2004, 09:10 AM
There is serious security exploit floating about the Internet concerning the parsing of image EXIF data by PHP driven webapps. The result can be a stack overflow, thus allowing abitrary code execution on some operating systems.

Look for CAN-2004-1065 at this link for more info:


However, PhotoPost users are immune from this security flaw because we do not use PHP's exif extractor to obtain EXIF information from an image (its been unreliable for a long time).