PHP image.c php_next_marker Function JPEG Processing DoS

2005-03-31T06:09:11
ID OSVDB:15184
Type osvdb
Reporter Anonymous(idlabs-advisories@idefense.com)
Modified 2005-03-31T06:09:11

Description

Vulnerability Description

PHP contains a flaw that may allow a remote attacker to cause a denial of service. The php_next_marker function in image.c, which is reachable through the getimagesize PHP function, does not properly sanitize user-supplied input. By supplying a negative length value to php_stream_seek, an attacker can cause an infinite loop and exhaust system resources.
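The defensive pattern for this class of bug, as an added illustration that is not PHP's image.c: a JPEG segment length is a 16-bit big-endian value that counts its own two bytes, so a parser that skips `length - 2` bytes computes a negative offset when a file declares a length under 2. The function name, status codes and sample bytes below are hypothetical and constructed for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical status codes for this sketch (not PHP's API). */
enum jpeg_status { JPEG_OK = 0, JPEG_TRUNCATED = -1, JPEG_BAD_LENGTH = -2, JPEG_BAD_MARKER = -3 };

/* Constructed samples: SOI, one APP0 segment, EOI. Only the length field differs. */
static const unsigned char sample_ok[]   = {0xFF,0xD8, 0xFF,0xE0, 0x00,0x04, 'A','B', 0xFF,0xD9};
static const unsigned char sample_zero[] = {0xFF,0xD8, 0xFF,0xE0, 0x00,0x00, 'A','B', 0xFF,0xD9};
static const unsigned char sample_long[] = {0xFF,0xD8, 0xFF,0xE0, 0x00,0x10, 'A','B', 0xFF,0xD9};

/* Walk the segments before scan data in buf[0..len) and count them.
 * Each iteration either returns or moves pos forward, so the loop
 * terminates on any input. */
enum jpeg_status jpeg_walk_segments(const unsigned char *buf, size_t len, size_t *count)
{
    size_t pos = 2, seglen;
    unsigned char marker;

    *count = 0;
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8)
        return JPEG_BAD_MARKER;               /* no SOI */
    while (pos < len) {
        if (buf[pos] != 0xFF)
            return JPEG_BAD_MARKER;
        while (pos < len && buf[pos] == 0xFF) /* 0xFF fill bytes, bounded by len */
            pos++;
        if (pos >= len)
            return JPEG_TRUNCATED;
        marker = buf[pos++];
        if (marker == 0xD9 || marker == 0xDA) /* EOI, or SOS: scan data follows */
            return JPEG_OK;
        if (len - pos < 2)
            return JPEG_TRUNCATED;
        seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2)                       /* seglen - 2 would be a negative skip */
            return JPEG_BAD_LENGTH;
        if (seglen > len - pos)               /* segment runs past the end of the data */
            return JPEG_TRUNCATED;
        pos += seglen;
        (*count)++;
    }
    return JPEG_TRUNCATED;                    /* data ended before EOI or SOS */
}

int main(void)
{
    size_t n;
    printf("ok=%d ", jpeg_walk_segments(sample_ok, sizeof sample_ok, &n));
    printf("zero=%d ", jpeg_walk_segments(sample_zero, sizeof sample_zero, &n));
    printf("long=%d\n", jpeg_walk_segments(sample_long, sizeof sample_long, &n));
    return 0;
}
```
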

Solution Description

Upgrade to version 4.3.11, 5.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/release_4_3_11.php
Security Tracker: 1013619
Secunia Advisory ID: 14986, 14975, 15509, 15481, 14792, 14855, 17645, 14988, 14942, 14973, 15182
Related OSVDB ID: 15183
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:072
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000955
Other Advisory URL: http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities&flashstatus=true
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200504-15.xml
Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-105-1
Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-112-1
Other Advisory URL: http://www.debian.org/security/2005/dsa-708
Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-405.html
Other Advisory URL: http://www.debian.org/security/2005/dsa-729
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Apr/0004.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0548.html
Keyword: SCOSA-2005.49
CVE-2005-0525