An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP4’s EXIF module. EXIF tags with a specially crafted “Image File Directory” (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042)
The same module also contained a Denial of Service vulnerability. EXIF headers with a large IFD nesting level caused an unbound recursion which would eventually overflow the stack and cause the executed program to crash. (CAN-2005-1043)
14 April 2005
A security issue affects these releases of Ubuntu and its derivatives:
An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP4’s EXIF module. EXIF tags with a specially crafted “Image File Directory” (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042)
The same module also contained a Denial of Service vulnerability. EXIF headers with a large IFD nesting level caused an unbound recursion which would eventually overflow the stack and cause the executed program to crash. (CAN-2005-1043)
In web applications that automatically process EXIF tags of uploaded images, both vulnerabilities could be exploited remotely.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.