Bugzilla – Bug 78094
VUL-0: CVE-2005-1043: php buffer overflow in exif_process_IFD_TAG
Last modified: 2021-11-03 14:38:01 UTC
The issue is public. We don't have these, right? *sigh*

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043

Date: Thu, 14 Apr 2005 11:33:56 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [Full-disclosure] [USN-112-1] PHP4 vulnerabilities

===========================================================
Ubuntu Security Notice USN-112-1 April 14, 2005
php4 vulnerabilities
CAN-2005-1042, CAN-2005-1043
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi

The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.8. After performing a standard system upgrade you need to reload the PHP module in the webserver by executing

sudo /etc/init.d/apache2 reload

to effect the necessary changes.

Details follow:

An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP4's EXIF module. EXIF tags with a specially crafted "Image File Directory" (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042)

The same module also contained a Denial of Service vulnerability. EXIF headers with a large IFD nesting level caused an unbound recursion which would eventually overflow the stack and cause the executed program to crash. (CAN-2005-1043)

In web applications that automatically process EXIF tags of uploaded images, both vulnerabilities could be exploited remotely.
Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.8.diff.gz
Size/MD5: 615279 bccbf61fbd657d604778ef0807602269
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.8.dsc
Size/MD5: 1624 50fb00c9c97235f29bd5e0b5be38719f
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee

[...]
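The two defect classes named in the advisory above (a size computation that overflows, and unbounded recursion through nested IFDs) can be illustrated with a minimal defensive IFD walker. This is an added example, not PHP's code and not the patch discussed in this bug; the function names, the depth cap of 8, the little-endian-only layout and the sample byte strings are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_IFD_DEPTH 8       /* assumed cap for this example */
#define TAG_SUB_IFD   0x8769  /* Exif sub-IFD pointer tag */
static const uint8_t fmt_bytes[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Value length in bytes; -1 for an unknown format or a 32-bit overflow. */
int64_t value_size(uint32_t format, uint32_t components)
{
    if (format == 0 || format > 12) return -1;
    uint64_t n = (uint64_t)components * fmt_bytes[format];
    return n > UINT32_MAX ? -1 : (int64_t)n;
}

/* Entries visited (sub-IFDs included), or -1 on malformed input. */
int walk_ifd(const uint8_t *buf, size_t len, uint32_t off, int depth)
{
    if (depth > MAX_IFD_DEPTH) return -1;           /* bounded recursion */
    if (off > len || len - off < 2) return -1;
    uint32_t count = rd16(buf + off);
    if ((len - off - 2) / 12 < count) return -1;    /* entries in bounds */
    int seen = 0;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + off + 2 + 12 * (size_t)i;
        uint32_t tag = rd16(e), val = rd32(e + 8);
        int64_t n = value_size(rd16(e + 2), rd32(e + 4));
        if (n < 0) return -1;
        if (n > 4 && (val > len || (uint64_t)n > len - val)) return -1;
        seen++;
        if (tag == TAG_SUB_IFD) {
            int sub = walk_ifd(buf, len, val, depth + 1);
            if (sub < 0) return -1;
            seen += sub;
        }
    }
    return seen;
}

/* Constructed little-endian IFDs: self-referencing, overflowing, benign. */
static const uint8_t LOOP[] = {1,0, 0x69,0x87, 4,0, 1,0,0,0, 0,0,0,0};
static const uint8_t WRAP[] = {1,0, 0x0F,0x01, 5,0, 1,0,0,0x20, 0,0,0,0};
static const uint8_t OK[]   = {1,0, 0x0F,0x01, 2,0, 2,0,0,0, 'A',0,0,0};
int main(void)
{
    printf("loop=%d wrap=%d ok=%d\n", walk_ifd(LOOP, sizeof LOOP, 0, 0),
           walk_ifd(WRAP, sizeof WRAP, 0, 0), walk_ifd(OK, sizeof OK, 0, 0));
    return 0;
}
```

The WRAP entry declares 0x20000001 components of an 8-byte format; in 32-bit arithmetic that product wraps to 8, which is why the size is computed in 64 bits before any bounds check.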
We probably have it - php4-exif and php5-exif packages.
I was referring to the patches :)
AFAIK not.
Fixed packages submitted, porting patch was quite easy :-).
affected subpackages in distros where they are split up are php4-exif and php5-exif I suppose?
SM-Tracker-952
You're right.
Created attachment 35473
corrupted-exif.jpg

jpeg with corrupted (recursive) exif data
updates released. no extra advisory, will go into summary advisory.
CVE-2005-1043: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)