Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-1065

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Related bugs and status

CVE-2004-1065 (Candidate) is related to these bugs:

Bug #11223: php4: 4.3.10 fixes important security holes

Summary				In	Importance	Status
	11223	php4: 4.3.10 fixes important security holes		php4 (Ubuntu)	High	Fix Released
	11223	php4: 4.3.10 fixes important security holes		php4 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.php.net/rel...
FEDORA: FLSA:2344
HP: HPSBMA01212
REDHAT: RHSA-2004:687
REDHAT: RHSA-2005:032
SUSE: SUSE-SA:2005:002
OPENPKG: OpenPKG-SA-2004.053
MANDRAKE: MDKSA-2004:151
XF: php-exifreaddata-bo(18...
OVAL: oval:org.mitre.oval:de...