CVE-2005-1042

Published May 2, 2005

Last updated 6 years ago

CVSS info 7.5

Overview

Description: Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References