PHP : Security Vulnerabilities, CVEs, Published In May 2005
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
Max CVSS
7.5
EPSS Score
10.81%
Published
2005-05-02
Updated
2018-10-30
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2008-09-05
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.
Max CVSS
5.0
EPSS Score
7.64%
Published
2005-05-02
Updated
2018-05-03
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.
Max CVSS
5.0
EPSS Score
5.95%
Published
2005-05-02
Updated
2018-05-03
4 vulnerabilities found