CVE-2005-0524

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.

References

http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html

http://secunia.com/advisories/14792

http://securitytracker.com/id?1013619

http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2005:072

http://www.osvdb.org/15183

http://www.redhat.com/support/errata/RHSA-2005-405.html

http://www.redhat.com/support/errata/RHSA-2005-406.html

http://www.securityfocus.com/archive/1/394797

http://www.vupen.com/english/advisories/2005/0305

https://exchange.xforce.ibmcloud.com/vulnerabilities/19920

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9310

Details

Source: MITRE

Published: 2005-05-02

Updated: 2018-05-03

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
23981CentOS 4 : PHP (CESA-2005:406)NessusCentOS Local Security Checks
high
21818CentOS 3 : PHP (CESA-2005:405)NessusCentOS Local Security Checks
high
20491Ubuntu 4.10 : php4 vulnerabilities (USN-105-1)NessusUbuntu Local Security Checks
medium
18437Mac OS X Multiple Vulnerabilities (Security Update 2005-006)NessusMacOS X Local Security Checks
high
18198RHEL 4 : PHP (RHSA-2005:406)NessusRed Hat Local Security Checks
high
18163RHEL 3 : PHP (RHSA-2005:405)NessusRed Hat Local Security Checks
high
18091Mandrake Linux Security Advisory : php (MDKSA-2005:072)NessusMandriva Local Security Checks
critical
18081GLSA-200504-15 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
18057SUSE-SA:2005:023: php4, php5NessusSuSE Local Security Checks
medium
17687PHP Multiple Image Processing Functions File Handling DoSNessusCGI abuses
medium
2782PHP Remote getimagesize DoSNessus Network MonitorWeb Servers
high