CVE-2005-1042 | Vulnerability Database | Aqua Security

Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	4.3.0 (including)	4.3.0 (including)
Php	Php	4.3.1 (including)	4.3.1 (including)
Php	Php	4.3.2 (including)	4.3.2 (including)
Php	Php	4.3.3 (including)	4.3.3 (including)
Php	Php	4.3.4 (including)	4.3.4 (including)
Php	Php	4.3.5 (including)	4.3.5 (including)
Php	Php	4.3.6 (including)	4.3.6 (including)
Php	Php	4.3.7 (including)	4.3.7 (including)
Php	Php	4.3.8 (including)	4.3.8 (including)
Php	Php	4.3.9 (including)	4.3.9 (including)
Php	Php	4.3.10 (including)	4.3.10 (including)
Red Hat Enterprise Linux 3	RedHat	php-0:4.3.2-23.ent	*
Red Hat Enterprise Linux 4	RedHat	php-0:4.3.9-3.6	*
Php4	Ubuntu	dapper	*
Php4	Ubuntu	edgy	*
Php5	Ubuntu	dapper	*
Php5	Ubuntu	devel	*
Php5	Ubuntu	edgy	*
Php5	Ubuntu	feisty	*

References

http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33\u0026r2=1.118.2.34\u0026ty=u
http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html
http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
http://www.redhat.com/support/errata/RHSA-2005-405.html
http://www.redhat.com/support/errata/RHSA-2005-406.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10822
https://usn.ubuntu.com/112-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-1042
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html