Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP Remote getimagesize DoS



The remote host is missing a critical security patch or upgrade.


The remote host is running a version of PHP that is older than 4.3.11 or 5.0.4. This version contains a bug that can be triggered when the getimagesize() function processes malicious IFF or JPEG image files. An attacker exploiting this flaw would be able to present an image to the function that would cause the function to go into an infinite loop by processing a negative file size. A successful exploit would result in the loss of system availability for valid users. There is also a reported flaw in the way that PHP handles data being passed to the Image File Directory (IFD). Reportedly, this leads to a remote Denial of Service (DoS) attack. Other flaws impacting this version of PHP have been reported; however, details have not been released.


Upgrade to 4.3.11, 5.0.4 or higher.