Loading
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
Use CWE-20, Openpkg vendor hub and Openpkg product page to widen CVE-2004-1019 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2004-0990, CVE-2004-1065 and CVE-2004-1013 for nearby disclosures in the same product family.