[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-1042Date: (C)2005-05-02   (M)2023-12-22


Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
APPLE-SA-2005-06-08
GLSA-200504-15
MDKSA-2005:072
RHSA-2005:405
RHSA-2005:406
USN-112-1
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33&r2=1.118.2.34&ty=u
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021
oval:org.mitre.oval:def:10822

CPE    11
cpe:/a:php:php:4.3.4
cpe:/a:php:php:4.3.3
cpe:/a:php:php:4.3.6
cpe:/a:php:php:4.3.5
...

© SecPod Technologies