[php-maint] Bug#339577: CVE-2005-3353: Another EXIF related DoS vulnerability
Moritz Muehlenhoff
jmm at inutil.org
Thu Nov 17 09:48:18 UTC 2005
Package: php4
Version: 4:4.3.10-16
Severity: important
Tags: security
A vulnerability in PHP's exif code has been found that may DoS a PHP
installation through crafted JPEG images that trigger an infinite
recursion. Details are sparse, but Red Hat has fixed the problem:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943
This has been assigned CVE-2005-3353 and is different from the recent
EXIF DoS problem wrt IFD levels, which was CVE-2005-1043, PHP bug 28451
and which was fixed upstream in 4.3.11.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages php4 depends on:
ii libapache2-mod-php4 4:4.3.10-16 server-side, HTML-embedded scripti
ii php4-common 4:4.3.10-16 Common files for packages built fr
php4 recommends no packages.
-- no debconf information