[php-maint] Bug#339577: CVE-2005-3353: Another EXIF related DoS vulnerability

Moritz Muehlenhoff jmm at inutil.org
Thu Nov 17 09:48:18 UTC 2005

Package: php4
Version: 4:4.3.10-16
Severity: important
Tags: security

A vulnerability in PHP's exif code has been found that may DoS a PHP
installation through crafted JPEG images that triggers an infinite
recursion. Details are sparse, but Red Hat has fixed the problem:

This has been assigned CVE-2005-3353 and is different from the recent
EXIF DoS problem wrt IFD levels, which was CVE-2005-1043, PHP bug 28451
and which was fixed upstream in 4.3.11.


-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages php4 depends on:
ii  libapache2-mod-php4          4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-common                  4:4.3.10-16 Common files for packages built fr

php4 recommends no packages.

-- no debconf information

More information about the pkg-php-maint mailing list