
php4: denial of service vulnerabilities

Package(s): php4
CVE #(s): CAN-2005-0524 CAN-2005-0525
Created: April 5, 2005
Updated: May 26, 2005
Description: Two DoS vulnerabilities exist in PHP versions 4.2.2, 4.3.9, 4.3.10 and 5.0.3. The first, in the php_handle_iff function in image.c, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. The second, in the php_next_marker function in image.c, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. This latter vulnerability also exists in PHP 3.
Alerts:
Debian DSA-729-1 php4 2005-05-26
Gentoo 200504-15 php 2005-04-18
Fedora FEDORA-2005-315 php 2005-04-15
Debian DSA-708-1 php3 2005-04-15
SuSE SUSE-SA:2005:023 php4, 2005-04-15
Slackware SSA:2005-095-01 php 2005-04-06
Ubuntu USN-105-1 php4 2005-04-05

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds