CVE-2005-0524

Name of the Vulnerable Software and Affected Versions PHP versions 4.2.2, 4.3.9, 4.3.10, 5.0.3

Description The issue allows remote attackers to cause a denial of service, specifically an infinite loop, by exploiting the php handle iff function in image.c, which is reachable through the getimagesize PHP function. This can be achieved by passing a -8 size value to the function, leading to a denial of service. The vulnerability arises due to incorrect handling of user input by the php handle iff function when called by getimagesize.

Recommendations For PHP version 4.2.2, update to a version that fixes the php handle iff function issue. For PHP version 4.3.9, update to a version that fixes the php handle iff function issue. For PHP version 4.3.10, update to a version that fixes the php handle iff function issue. For PHP version 5.0.3, update to a version that fixes the php handle iff function issue. As a temporary workaround, consider restricting the use of the getimagesize function until a patch is available.