PHP Group Exif Module IFD Tag Integer Overflow Vulnerability

BID:13163

Info

PHP Group Exif Module IFD Tag Integer Overflow Vulnerability

Bugtraq ID: 13163
Class: Boundary Condition Error
CVE: CVE-2005-1042
Remote: Yes
Local: No
Published: Apr 12 2005 12:00AM
Updated: Jul 12 2009 12:56PM
Credit: This issue was announced by the PHP Group.
Vulnerable: SuSE Linux 8.1
SuSE Linux 8.0 i386
SuSE Linux 8.0
SuSE Linux 7.3 sparc
SuSE Linux 7.3 ppc
SuSE Linux 7.3 i386
SuSE Linux 7.3
SuSE Linux 7.2 i386
SuSE Linux 7.2
SuSE Linux 7.1 x86
SuSE Linux 7.1 sparc
SuSE Linux 7.1 ppc
SuSE Linux 7.1 alpha
SuSE Linux 7.1
SuSE Linux 7.0 sparc
SuSE Linux 7.0 ppc
SuSE Linux 7.0 i386
SuSE Linux 7.0 alpha
SuSE Linux 7.0
SuSE Linux 6.4 ppc
SuSE Linux 6.4 i386
SuSE Linux 6.4 alpha
SuSE Linux 6.4
SuSE Linux 6.3 ppc
SuSE Linux 6.3 alpha
SuSE Linux 6.3
SuSE Linux 6.2
SuSE Linux 6.1 alpha
SuSE Linux 6.1
SuSE Linux 6.0
SuSE Linux 5.3
SuSE Linux 5.2
SuSE Linux 5.1
SuSE Linux 5.0
SuSE Linux 4.4.1
SuSE Linux 4.4
SuSE Linux 4.3
SuSE Linux 4.2
SuSE Linux 4.0
SuSE Linux 3.0
SuSE Linux 2.0
SuSE Linux 1.0
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Redhat Linux 9.0 i386
Redhat Linux 7.3 i686
Redhat Linux 7.3 i386
Redhat Linux 7.3
Redhat Fedora Core2
Redhat Fedora Core1
PHP PHP 4.3.10
+ Gentoo Linux
+ Redhat Fedora Core3
 + Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
PHP PHP 4.3.9
PHP PHP 4.3.8
+ Mandriva Linux Mandrake 10.1 x86_64
 + Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
+ MandrakeSoft Corporate Server 3.0 x86_64
 + MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.1
PHP PHP 4.3.3
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
 + Turbolinux Turbolinux Desktop 10.0
PHP PHP 4.3.2
PHP PHP 4.3.1
+ Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
+ OpenPKG OpenPKG Current
 + S.u.S.E. Linux Personal 8.2
PHP PHP 4.3
Peachtree Linux release 1
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Not Vulnerable: PHP PHP 4.3.11

Discussion

PHP Group Exif Module IFD Tag Integer Overflow Vulnerability

PHP is prone to an integer overflow vulnerability in the EXIF module. This issue is exposed when malformed IFD (Image File Directory) tags are processed.

This issue could manifest itself in Web applications that allow users to upload images. Any other application that processes untrusted EXIF image data could also be exposed to attacks. Successful exploitation may allow for execution of arbitrary code.

This vulnerability may be one of the issues described in BID 13143 "PHP Group PHP Multiple Unspecified Vulnerabilities".

Exploit / POC

PHP Group Exif Module IFD Tag Integer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

PHP Group Exif Module IFD Tag Integer Overflow Vulnerability

Solution:
Avaya has released an advisory (ASA-2005-136) that acknowledges this vulnerability for Avaya products. Please see the referenced Avaya advisory for further details.

Conectiva has released an advisory (CLSA-2005:955) and fixes to address this and other issues. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Turbolinux has released advisory TLSA-2005-50 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Peachtree Linux has released an advisory (PLSN-0001) including updated packages to address this issue. Please see the referenced advisory for more information.

Ubuntu has released advisory USN-112-1 to provide fixes for this issue. Please see the attached advisory for further information on obtaining and applying fixes.

This issue has been addressed in PHP 4.3.11.

Gentoo Linux has released advisory GLSA 200504-15 dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11"

All mod_php users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11"

All php-cgi users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11"

For more information, please see the referenced Gentoo Linux advisory.

RedHat Fedora has released advisory FEDORA-2005-315 for their Core 3 product. Please see the referenced advisory for more information.

Mandriva has released advisory MDKSA-2005:072 to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat released advisory RHSA-2005:405-06 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.

SuSE has released advisory SUSE-SR:2005:012 and fixes for this issue. Fixes can be obtained through the SuSE FTP server or by using the YaST Online Update.

SGI has released an advisory 20050501-01-U including updated SGI ProPack 3
Service Pack 5 packages to address this BID and other issues. Please see
the referenced advisory for more information.

Apple has released security advisory APPLE-SA-2005-06-08 along with fixes dealing with this issue for Mac OS X 10.4.1 and Mac OS X 10.3.9. Please see the referenced advisory for more information.

RedHat Fedora has released Fedora Legacy security advisory FLSA:155505 addressing this issue. Please see the referenced advisory for further information.


Apple Mac OS X Server 10.3.9

Apple Mac OS X 10.3.9

Apple Mac OS X Server 10.4.1

Apple Mac OS X 10.4.1

PHP PHP 4.3

PHP PHP 4.3.1

PHP PHP 4.3.10

PHP PHP 4.3.2

PHP PHP 4.3.3

PHP PHP 4.3.4

PHP PHP 4.3.5

PHP PHP 4.3.6

PHP PHP 4.3.7

PHP PHP 4.3.8

PHP PHP 4.3.9

References

PHP Group Exif Module IFD Tag Integer Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report