Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-0524
Last Modified: 07 Mar 2011 09:20:11
Published: 02 May 2005 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-0524

Summary

The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.

Vulnerable Systems

Application

  • PHP 4.2.2
  • PHP 4.3.10
  • PHP 4.3.9
  • PHP 5.0.3


References

IDEFENSE - 20050331 PHP getimagesize() Multiple Denial of Service Vulnerabilities

SECTRACK - 1013619

SECUNIA - 14792

XF - php-phphandleiff-dos(19920)

VUPEN - ADV-2005-0305

REDHAT - RHSA-2005:406

REDHAT - RHSA-2005:405

GENTOO - GLSA-200504-15

APPLE - APPLE-SA-2005-06-08

OSVDB - 15183

MANDRAKE - MDKSA-2005:072


Last Updated: 27 May 2016 10:39:50