var-200504-0063
Vulnerability from variot

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes content about vulnerabilities other than the one named in the title. ------------ In PHP 4 and later, support for EXIF (an image file standard for digital cameras) is enabled by compiling with --enable-exif at compile time. This makes it possible to read the IFD (Image File Directory) tags (information such as image size and type, compression method, color information, and copyright) contained in the EXIF header of JPEG/TIFF images generated by digital cameras. The EXIF module (exif.c) included in PHP 4.3.10 and earlier and 5.0.3 and earlier has the following security issues due to inadequate handling of IFD tags contained in specific image files. Note that EXIF support is not enabled by default in the PHP distributed by the PHP Group, but it is enabled in the PHP packages included with some Linux distributions, such as Red Hat Enterprise Linux. PHP 4.3.11/5.0.4 fixes multiple security issues (such as CAN-2005-0524 and CAN-2005-0525) and bugs in addition to the above issues, and the PHP Group strongly recommends updating to PHP 4.3.11/5.0.4. Please refer to the “Overview” for the impact of this vulnerability. PHP is prone to a denial of service vulnerability. This issue could manifest itself in Web applications that allow users to upload images. PHP is a server-side scripting language designed to be embedded in HTML files and can run on Windows, Linux and many Unix operating systems.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200504-0063",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "1.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "conectiva",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "peachtree",
        "version": "release_1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "conectiva",
        "version": "9.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8.2"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.0.3"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1x86"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.3"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.3"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "linux i686",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3"
      },
      {
        "model": "linux release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peachtree",
        "version": "1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "mn100",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:php:php",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Martin Pitt  martin.pitt@canonical.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-1043",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-1043",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-12252",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-1043",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2005-1043",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200504-048",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12252",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ PHP 4 Later, at compile time --enable-exif By compiling with EXIF ( Image file standards for digital cameras ) Enable support for. This generated by the digital camera JPEG/TIFF In the image EXIF Included in header IFD (Image File Directory) tag ( Information such as image size and type, compression method, color information, copyright ) You can get PHP 4.3.10 Before, 5.0.3 Included before EXIF module (exif.c) Contained within a specific image file IFD The following security issues exist due to inadequate handling of tags. still, PHP Group More distributed PHP By default, EXIF Support will not be activated, Red Hat Enterprise Linux Some as Linux Included with the distribution PHP In the package EXIF Support is enabled. PHP 4.3.11/5.0.4 In addition to the above issues, there are multiple security issues (CAN-2005-0524 And CAN-2005-0525 Such ) , And bugs have been fixed, PHP 4.3.11/5.0.4 Can be updated to PHP Group It is strongly recommended.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. PHP is prone to a denial of service vulnerability. \nThis issue could manifest itself in Web applications that allow users to upload images. PHP is a server-side scripting language designed to be embedded in HTML files and can run on Windows, Linux and many Unix operating systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-1043",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "13164",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "13163",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048",
        "trust": 0.7
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:406",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200504-15",
        "trust": 0.6
      },
      {
        "db": "UBUNTU",
        "id": "USN-112-1",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2005:072",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2005-06-08",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-12252",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "id": "VAR-200504-0063",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:53:46.894000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ChangeLog-4",
        "trust": 0.8,
        "url": "http://jp2.php.net/ChangeLog-4.php"
      },
      {
        "title": "ChangeLog-5",
        "trust": 0.8,
        "url": "http://jp2.php.net/ChangeLog-5.php"
      },
      {
        "title": "release notes 4.3.11",
        "trust": 0.8,
        "url": "http://jp2.php.net/release_4_3_11.php"
      },
      {
        "title": "#28451",
        "trust": 0.8,
        "url": "http://bugs.php.net/bug.php?id=28451"
      },
      {
        "title": "#31797",
        "trust": 0.8,
        "url": "http://bugs.php.net/bug.php?id=31797"
      },
      {
        "title": "154021",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021"
      },
      {
        "title": "154025",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025"
      },
      {
        "title": "RHSA-2005:406",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2005-406.html"
      },
      {
        "title": "RHSA-2005:405",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2005-405.html"
      },
      {
        "title": "TLSA-2005-50",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2005/TLSA-2005-50.txt"
      },
      {
        "title": "RHSA-2005:405",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-405J.html"
      },
      {
        "title": "RHSA-2005:406",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-406J.html"
      },
      {
        "title": "TLSA-2005-50",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2005/TLSA-2005-50j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005/jun/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:072"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-406.html"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025"
      },
      {
        "trust": 1.6,
        "url": "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29\u0026r2=1.118.2.30\u0026ty=u"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/112-1/"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10307"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1043"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-1043"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13164"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13163"
      },
      {
        "trust": 0.6,
        "url": "http://www.ubuntulinux.org/support/documentation/usn/usn-112-1"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-136_rhsa-2005-405_rhsa-2005-406.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000955"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/changelog-4.php#4.3.11"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-405.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/396618"
      },
      {
        "trust": 0.1,
        "url": "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29\u0026amp;r2=1.118.2.30\u0026amp;ty=u"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "date": "2005-04-12T00:00:00",
        "db": "BID",
        "id": "13164"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "date": "2005-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      },
      {
        "date": "2005-04-14T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "date": "2009-07-12T12:56:00",
        "db": "BID",
        "id": "13164"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      },
      {
        "date": "2024-11-20T23:56:28.293000",
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denial-of-service (DoS) vulnerability in PHP's exif.c caused by a specific EXIF header",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ],
    "trust": 0.6
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.