Vulnerability CVE-2005-1043


Published: 2005-04-14   Modified: 2012-02-12

Description:
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

Type:

CWE-Other

Vendor: Peachtree
Product: Peachtree linux 
Version: release_1;
Vendor: SUSE
Product: Suse linux 
Version:
9.3
9.2
9.1
9.0
8.2
8.1
8.0
7.3
7.2
7.1
7.0
6.4
6.3
6.2
6.1
6.0
5.3
5.2
5.1
5.0
4.4.1
4.4
4.3
4.2
4.0
3.0
2.0
1.0
Vendor: Conectiva
Product: Linux 
Version: 9.0; 10.0;
Vendor: PHP
Product: PHP 
Version:
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.10
4.3.1
4.3.0
4.3
Vendor: SGI
Product: Propack 
Version: 3.0;
Vendor: Apple
Product: Mac os x server 
Version:
10.4.1
10.4
10.3.9
Product: Mac os x 
Version:
10.4.1
10.4
10.3.9

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u
http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html
http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
http://www.redhat.com/support/errata/RHSA-2005-406.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10307
https://usn.ubuntu.com/112-1/

Related CVE
CVE-2018-4470
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
CVE-2018-4465
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4464
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVE-2018-4463
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4462
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4461
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4460
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4456
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.

Copyright 2019, cxsecurity.com

 

Back to Top