CVE-2005-1043

NONE EPSS 77.5%
Published Apr 14, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

Threat Intelligence

EPSS Exploit Probability: 77.5% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products 71

Vendor     Product          Version    Range
php        php              4.3.0      any
php        php              4.3.1      any
php        php              4.3.2      any
php        php              4.3.3      any
php        php              4.3.4      any
php        php              4.3.5      any
php        php              4.3.6      any
php        php              4.3.7      any
php        php              4.3.8      any
php        php              4.3.9      any
php        php              4.3.10     any
sgi        propack          3.0        any
conectiva  linux            9.0        any
conectiva  linux            10.0       any
apple      mac_os_x         10.3.9     any
apple      mac_os_x         10.4       any
apple      mac_os_x         10.4.1     any
apple      mac_os_x_server  10.3.9     any
apple      mac_os_x_server  10.4       any
apple      mac_os_x_server  10.4.1     any
peachtree  peachtree_linux  release_1  any
suse       suse_linux       1.0        any
suse       suse_linux       2.0        any
suse       suse_linux       3.0        any
suse       suse_linux       4.0        any
suse       suse_linux       4.2        any
suse       suse_linux       4.3        any
suse       suse_linux       4.4        any
suse       suse_linux       4.4.1      any
suse       suse_linux       5.0        any
suse       suse_linux       5.1        any
suse       suse_linux       5.2        any
suse       suse_linux       5.3        any
suse       suse_linux       6.0        any
suse       suse_linux       6.1        any
suse       suse_linux       6.1        any
suse       suse_linux       6.2        any
suse       suse_linux       6.3        any
suse       suse_linux       6.3        any
suse       suse_linux       6.3        any
suse       suse_linux       6.4        any
suse       suse_linux       6.4        any
suse       suse_linux       6.4        any
suse       suse_linux       6.4        any
suse       suse_linux       7.0        any
suse       suse_linux       7.0        any
suse       suse_linux       7.0        any
suse       suse_linux       7.0        any
suse       suse_linux       7.0        any
suse       suse_linux       7.1        any
suse       suse_linux       7.1        any
suse       suse_linux       7.1        any
suse       suse_linux       7.1        any
suse       suse_linux       7.1        any
suse       suse_linux       7.2        any
suse       suse_linux       7.2        any
suse       suse_linux       7.3        any
suse       suse_linux       7.3        any
suse       suse_linux       7.3        any
suse       suse_linux       7.3        any
suse       suse_linux       8.0        any
suse       suse_linux       8.0        any
suse       suse_linux       8.1        any
suse       suse_linux       8.2        any
suse       suse_linux       9.0        any
suse       suse_linux       9.0        any
suse       suse_linux       9.1        any
suse       suse_linux       9.1        any
suse       suse_linux       9.2        any
suse       suse_linux       9.2        any
suse       suse_linux       9.3        any

References 8

  • cvs.php.net http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u
    Vendor Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-406.html
    Patch, Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025
    Vendor Advisory
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10307
  • usn.ubuntu.com https://usn.ubuntu.com/112-1/

Remediation

  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-406.html
    Patch, Vendor Advisory