CVE-2005-3353 is also unfixed in PHP 5.0.5: "The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image." According to the bug report this will be fixed in 5.0.6 http://bugs.php.net/bug.php?id=34704