Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2005-0525

Published: 02/05/2005 Updated: 03/05/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Php

Vulnerability Summary

The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote malicious users to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 4.3.9

php php 5.0.3

php php 4.2.2

php php 4.3.10

Vendor Advisories

Ubuntu Security Notice: php4 vulnerabilities
Two Denial of Service vulnerabilities have been discovered in the getimagesize() function getimagesize() uses format specific internal functions php_handle_iff() and php_handle_jpeg() which get stuck in infinite loops when certain (invalid) size parameters are read from the image In web applications that allow users to upload arbitrary image file ...
Red Hat: PHP security update
Synopsis PHP security update Type/Severity Security Advisory: Moderate Topic Updated PHP packages that fix various security issues are now availableThis update has been rated as having moderate security impact by the RedHat Security Response Team Description PHP is an HTML-embedded script ...
Red Hat: PHP security update
Synopsis PHP security update Type/Severity Security Advisory: Moderate Topic Updated PHP packages that fix various security issues are now availableThis update has been rated as having moderate security impact by the RedHat Security Response Team Description PHP is an HTML-embedded script ...
Debian Security Advisories: DSA-729-1 php4 -- missing input sanitising
An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in woody as well When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation For the stable distribution (woody) this problem has been fixed i ...
Debian Security Advisories: DSA-708-1 php3 -- missing input sanitising
An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in PHP3 as well When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation For the stable distribution (woody) this problem has been fixed in ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/archive/1/394797http://securitytracker.com/id?1013619http://secunia.com/advisories/14792http://www.gentoo.org/security/en/glsa/glsa-200504-15.xmlhttp://www.redhat.com/support/errata/RHSA-2005-405.htmlhttp://www.debian.org/security/2005/dsa-708http://www.redhat.com/support/errata/RHSA-2005-406.htmlhttp://www.debian.org/security/2005/dsa-729http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:072http://www.osvdb.org/15184http://www.vupen.com/english/advisories/2005/0305https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703https://usn.ubuntu.com/105-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook