Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2005-3353

Published: 18/11/2005 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 540
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Php

Vulnerability Summary

The exif_read_data function in the Exif module in PHP prior to 4.4.1 allows remote malicious users to cause a denial of service (infinite loop) via a malformed JPEG image.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 4.0.0

php php 4.1.0

php php 4.1.1

php php 4.1.2

php php 4.3.10

php php 4.3.11

php php 4.3.8

php php 4.3.9

php php 4.0.1

php php 4.0.2

php php 4.2.0

php php 4.2.1

php php 4.3.2

php php 4.3.3

php php 4.4.0

php php 4.0.5

php php 4.0.6

php php 4.3.0

php php 4.3.1

php php 4.3.6

php php 4.3.7

php php 4.0.3

php php 4.0.4

php php 4.2.2

php php 4.2.3

php php 4.3.4

php php 4.3.5

Vendor Advisories

Red Hat: php security update
Synopsis php security update Type/Severity Security Advisory: Moderate Topic Updated PHP packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 3 and 4This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...
Ubuntu Security Notice: php4, php5 vulnerabilities
Eric Romang discovered a local Denial of Service vulnerability in the handling of the ‘sessionsave_path’ parameter in PHP’s Apache 20 module By setting this parameter to an invalid value in an htaccess file, a local user could crash the Apache server (CVE-2005-3319) ...
Debian Security Advisories: DSA-1206-1 php4 -- several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3353 Tim Starling discovered that missing input sanitising in the EXIF module could lead ...
Debian CVElist Bug Report Logs: PHP 5.0.5 contains unfixed security bugs
Debian Bug report logs - #336654 PHP 505 contains unfixed security bugs Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 20:48:02 UTC Severity ...
Debian CVElist Bug Report Logs: PHP 4.4.1 fixes security bugs
Debian Bug report logs - #336645 PHP 441 fixes security bugs Package: php4; Maintainer for php4 is (unknown); Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 19:48:02 UTC Severity: grave Tags: security Found in version php4/4:4310-16 Fixed in version php4/4:442-1 Done: Adam Conrad <adconrad ...
Debian CVElist Bug Report Logs: CVE-2005-3883: Injection of arbitrary values into the To:-header of the md_send_mail() function
Debian Bug report logs - #341368 CVE-2005-3883: Injection of arbitrary values into the To:-header of the md_send_mail() function Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inuti ...
Debian CVElist Bug Report Logs: CVE-2005-3319: mod_php DoS through session.save_path option
Debian Bug report logs - #336004 CVE-2005-3319: mod_php DoS through sessionsave_path option Package: php4; Maintainer for php4 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Oct 2005 10:48:02 UTC Severity: important Tags: security Found in version php4/4:440-4 Fixed in version php4/4:442 ...

References

NVD-CWE-Otherhttp://bugs.php.net/bug.php?id=34704http://www.php.net/ChangeLog-4.php#4.4.1http://rhn.redhat.com/errata/RHSA-2005-831.htmlhttp://www.securityfocus.com/bid/15358http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.htmlhttp://www.openpkg.org/security/OpenPKG-SA-2005.027-php.htmlhttp://secunia.com/advisories/18054http://secunia.com/advisories/17371http://secunia.com/advisories/18198http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.htmlhttp://www.securityfocus.com/bid/16907http://secunia.com/advisories/19064http://secunia.com/advisories/17490http://secunia.com/advisories/17531http://secunia.com/advisories/17557http://secunia.com/advisories/22691http://www.debian.org/security/2006/dsa-1206http://secunia.com/advisories/22713http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://docs.info.apple.com/article.html?artnum=303382http://www.mandriva.com/security/advisories?name=MDKSA-2005:213http://www.us-cert.gov/cas/techalerts/TA06-062A.htmlhttp://securityreason.com/securityalert/525http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522http://www.vupen.com/english/advisories/2006/0791http://www.vupen.com/english/advisories/2006/4320https://www.ubuntu.com/usn/usn-232-1/https://exchange.xforce.ibmcloud.com/vulnerabilities/24351https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032http://www.securityfocus.com/archive/1/419504/100/0/threadedhttps://access.redhat.com/errata/RHSA-2005:831https://usn.ubuntu.com/232-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook