FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1065

This CVE name corresponds to:

Entered Topic
2004-12-17 php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-1065 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-1065
Phase Assigned(20041123)

Description

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

References

Source Reference
CONFIRM http://www.php.net/release_4_3_10.php
OPENPKG OpenPKG-SA-2004.053
FEDORA FLSA:2344
HP HPSBMA01212
MANDRAKE MDKSA-2004:151
REDHAT RHSA-2004:687
REDHAT RHSA-2005:032
SUSE SUSE-SA:2005:002
OVAL oval:org.mitre.oval:def:10877
XF php-exifreaddata-bo(18517)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.