NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2005-0525

Summary	The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.
Publication Date	May 2, 2005, 1 p.m.
Registration Date	Jan. 29, 2021, 5:58 p.m.
Last Update	May 3, 2018, 10:29 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html	APPLE
2	http://secunia.com/advisories/14792	SECUNIA	Patch
3	http://securitytracker.com/id?1013619	SECTRACK
4	http://www.debian.org/security/2005/dsa-708	DEBIAN	Patch
5	http://www.debian.org/security/2005/dsa-729	DEBIAN
6	http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml	GENTOO
7	http://www.mandriva.com/security/advisories?name=MDKSA-2005:072	MANDRAKE
8	http://www.osvdb.org/15184	OSVDB
9	http://www.redhat.com/support/errata/RHSA-2005-405.html	REDHAT
10	http://www.redhat.com/support/errata/RHSA-2005-406.html	REDHAT
11	http://www.securityfocus.com/archive/1/394797	IDEFENSE	Exploit Vendor Advisory
12	http://www.vupen.com/english/advisories/2005/0305	VUPEN
13	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703	OVAL

Common Vulnerabilities List