fkie_cve-2005-3353
Vulnerability from fkie_nvd
Published
2005-11-18 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
References
secalert@redhat.comhttp://bugs.php.net/bug.php?id=34704Exploit, Patch, Vendor Advisory
secalert@redhat.comhttp://docs.info.apple.com/article.html?artnum=303382
secalert@redhat.comhttp://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2005-831.htmlVendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/17371
secalert@redhat.comhttp://secunia.com/advisories/17490
secalert@redhat.comhttp://secunia.com/advisories/17531
secalert@redhat.comhttp://secunia.com/advisories/17557
secalert@redhat.comhttp://secunia.com/advisories/18054
secalert@redhat.comhttp://secunia.com/advisories/18198
secalert@redhat.comhttp://secunia.com/advisories/19064
secalert@redhat.comhttp://secunia.com/advisories/22691
secalert@redhat.comhttp://secunia.com/advisories/22713
secalert@redhat.comhttp://securityreason.com/securityalert/525
secalert@redhat.comhttp://www.debian.org/security/2006/dsa-1206
secalert@redhat.comhttp://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:213
secalert@redhat.comhttp://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
secalert@redhat.comhttp://www.php.net/ChangeLog-4.php#4.4.1
secalert@redhat.comhttp://www.securityfocus.com/archive/1/419504/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/15358
secalert@redhat.comhttp://www.securityfocus.com/bid/16907
secalert@redhat.comhttp://www.turbolinux.com/security/2006/TLSA-2006-38.txt
secalert@redhat.comhttp://www.us-cert.gov/cas/techalerts/TA06-062A.htmlUS Government Resource
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/0791
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/4320
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24351
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032
secalert@redhat.comhttps://www.ubuntu.com/usn/usn-232-1/
af854a3a-2127-422b-91ae-364da2661108http://bugs.php.net/bug.php?id=34704Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://docs.info.apple.com/article.html?artnum=303382
af854a3a-2127-422b-91ae-364da2661108http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2005-831.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17371
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17490
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17531
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17557
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18054
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18198
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19064
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22691
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22713
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/525
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1206
af854a3a-2127-422b-91ae-364da2661108http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
af854a3a-2127-422b-91ae-364da2661108http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/ChangeLog-4.php#4.4.1
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/419504/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15358
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16907
af854a3a-2127-422b-91ae-364da2661108http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-062A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0791
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4320
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24351
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032
af854a3a-2127-422b-91ae-364da2661108https://www.ubuntu.com/usn/usn-232-1/
Impacted products
Vendor Product Version
php php 4.0.0
php php 4.0.1
php php 4.0.2
php php 4.0.3
php php 4.0.4
php php 4.0.5
php php 4.0.6
php php 4.1.0
php php 4.1.1
php php 4.1.2
php php 4.2.0
php php 4.2.1
php php 4.2.2
php php 4.2.3
php php 4.3.0
php php 4.3.1
php php 4.3.2
php php 4.3.3
php php 4.3.4
php php 4.3.5
php php 4.3.6
php php 4.3.7
php php 4.3.8
php php 4.3.9
php php 4.3.10
php php 4.3.11
php php 4.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF57C14-86B6-419A-BAFF-93D01CB1E081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B7BA75-2A32-4A8E-ADF8-BCB4FC48CB5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image."
    }
  ],
  "id": "CVE-2005-3353",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-18T23:03:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.php.net/bug.php?id=34704"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://docs.info.apple.com/article.html?artnum=303382"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2005-831.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17371"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17490"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17531"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17557"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18054"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18198"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19064"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22691"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22713"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/525"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2006/dsa-1206"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.php.net/ChangeLog-4.php#4.4.1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/419504/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/15358"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/16907"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/0791"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/4320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24351"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.ubuntu.com/usn/usn-232-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.php.net/bug.php?id=34704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=303382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2005-831.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-4.php#4.4.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/419504/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-232-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.