PHP exif.c exif_process_IFD_TAG Function IDF Tag Handling Overflow

2005-04-06T21:32:11
ID OSVDB:15629
Type osvdb
Reporter OSVDB
Modified 2005-04-06T21:32:11

Description

Vulnerability Description

PHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the exif_process_IFD_TAG function in exif.c not properly sanitizing user-supplied input. By supplying a crafted IFD tag, an attacker can trigger an overflow and execute arbitrary code.

Short Description

PHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the exif_process_IFD_TAG function in exif.c not properly sanitizing user-supplied input. By supplying a crafted IFD tag, an attacker can trigger an overflow and execute arbitrary code.

References:

Vendor URL: http://www.php.net/ Vendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021 Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:14975 Secunia Advisory ID:15203 Secunia Advisory ID:15481 Secunia Advisory ID:17645 Secunia Advisory ID:14988 Secunia Advisory ID:15005 Secunia Advisory ID:15182 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:072 Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000955 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200504-15.xml Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-405.html Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_12_sr.html Keyword: SCOSA-2005.49 CVE-2005-1042 Bugtraq ID: 13163