5

CVE-2005-0525

Exploit
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version4.2.2
PhpPhp Version4.3.9
PhpPhp Version4.3.10
PhpPhp Version5.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.81% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.redhat.com/support/errata/RHSA-2005-405.html
http://www.redhat.com/support/errata/RHSA-2005-406.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html
http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
http://secunia.com/advisories/14792
Patch
http://securitytracker.com/id?1013619
http://www.securityfocus.com/archive/1/394797
Vendor Advisory
Exploit
http://www.vupen.com/english/advisories/2005/0305
http://www.debian.org/security/2005/dsa-708
Patch
http://www.debian.org/security/2005/dsa-729
http://www.osvdb.org/15184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703