CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
Date published : 2009-09-22
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html