CVE-2005-1043: Medium severity PHP vulnerability
Published Apr 12, 2005
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
Affected Software
71 affected components
PHP PHP=4.3.9
Conectiva Linux=9.0
SGI ProPack=3.0
PHP PHP=4.3.4
PHP PHP=4.3.0
PHP PHP=4.3.6
PHP PHP=4.3.7
PHP PHP=4.3.2
PHP PHP=4.3.3
PHP PHP=4.3.1
PHP PHP=4.3.10
Conectiva Linux=10.0
PHP PHP=4.3.8
PHP PHP=4.3.5
SUSE SuSE Linux=6.2
SUSE SuSE Linux=6.3
SUSE SuSE Linux=9.3
SUSE SuSE Linux=4.0
SUSE SuSE Linux=7.1
SUSE SuSE Linux=9.2
SUSE SuSE Linux=9.1
SUSE SuSE Linux=9.0
SUSE SuSE Linux=7.1-alpha
SUSE SuSE Linux=8.2
Apple iOS and macOS=10.4.1
SUSE SuSE Linux=9.0
SUSE SuSE Linux=6.3-alpha
Apple Mac OS X Server=10.4.1
SUSE SuSE Linux=7.3
SUSE SuSE Linux=5.0
SUSE SuSE Linux=4.4.1
SUSE SuSE Linux=7.2
SUSE SuSE Linux=8.0
SUSE SuSE Linux=7.0
SUSE SuSE Linux=5.2
SUSE SuSE Linux=3.0
SUSE SuSE Linux=6.0
SUSE SuSE Linux=6.4
SUSE SuSE Linux=7.3
SUSE SuSE Linux=7.0
SUSE SuSE Linux=6.1-alpha
SUSE SuSE Linux=7.0
SUSE SuSE Linux=1.0
SUSE SuSE Linux=6.1
Apple Mac OS X Server=10.4
SUSE SuSE Linux=8.0
SUSE SuSE Linux=9.1
SUSE SuSE Linux=6.4
Apple iOS and macOS=10.4
SUSE SuSE Linux=7.0-alpha
Apple Mac OS X Server=10.3.9
SUSE SuSE Linux=4.3
SUSE SuSE Linux=4.4
SUSE SuSE Linux=5.1
SUSE SuSE Linux=7.0
Peachtree Peachtree Linux=release_1
SUSE SuSE Linux=7.1
SUSE SuSE Linux=6.3
SUSE SuSE Linux=6.4
SUSE SuSE Linux=4.2
SUSE SuSE Linux=7.1
Apple iOS and macOS=10.3.9
SUSE SuSE Linux=6.4-alpha
SUSE SuSE Linux=7.2
SUSE SuSE Linux=2.0
SUSE SuSE Linux=7.3
SUSE SuSE Linux=7.3
SUSE SuSE Linux=9.2
SUSE SuSE Linux=5.3
SUSE SuSE Linux=7.1
SUSE SuSE Linux=8.1
Remediation
Patch Available
Event History
Apr 12, 2005, 08:00 AM: CVE Published (via MITRE)
Apr 12, 2005, 08:00 AM: Data Sourced (via MITRE)
Frequently Asked Questions
1. What is the severity of CVE-2005-1043?
CVE-2005-1043 is classified as a denial of service vulnerability due to excessive memory consumption and potential crashes.

2. How do I fix CVE-2005-1043?
To fix CVE-2005-1043, upgrade PHP to version 4.3.11 or later, which addresses this vulnerability.

3. What systems are affected by CVE-2005-1043?
CVE-2005-1043 affects various versions of PHP prior to 4.3.11 and certain versions of Conectiva and SUSE Linux.

4. What causes CVE-2005-1043?
CVE-2005-1043 is caused by handling EXIF headers with large IFD nesting levels, leading to stack recursion.

5. Can CVE-2005-1043 be exploited remotely?
Yes, CVE-2005-1043 can be exploited remotely by attackers sending crafted EXIF images to PHP applications.