5

CVE-2005-3353

Exploit
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version4.0.0
PhpPhp Version4.0.1
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.4
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version4.3.0
PhpPhp Version4.3.1
PhpPhp Version4.3.2
PhpPhp Version4.3.3
PhpPhp Version4.3.4
PhpPhp Version4.3.5
PhpPhp Version4.3.6
PhpPhp Version4.3.7
PhpPhp Version4.3.8
PhpPhp Version4.3.9
PhpPhp Version4.3.10
PhpPhp Version4.3.11
PhpPhp Version4.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.68% 0.938
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://secunia.com/advisories/22691
http://www.vupen.com/english/advisories/2006/4320
http://secunia.com/advisories/17371
http://secunia.com/advisories/17557
http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
http://docs.info.apple.com/article.html?artnum=303382
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
http://secunia.com/advisories/18198
http://secunia.com/advisories/19064
http://securityreason.com/securityalert/525
http://www.securityfocus.com/bid/16907
http://www.us-cert.gov/cas/techalerts/TA06-062A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/0791
https://www.ubuntu.com/usn/usn-232-1/
http://secunia.com/advisories/17490
http://secunia.com/advisories/17531
http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://secunia.com/advisories/18054
http://www.securityfocus.com/archive/1/419504/100/0/threaded
http://bugs.php.net/bug.php?id=34704
Patch
Vendor Advisory
Exploit
http://rhn.redhat.com/errata/RHSA-2005-831.html
Vendor Advisory
http://secunia.com/advisories/22713
http://www.debian.org/security/2006/dsa-1206
http://www.php.net/ChangeLog-4.php#4.4.1
http://www.securityfocus.com/bid/15358
https://exchange.xforce.ibmcloud.com/vulnerabilities/24351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032