Bug 172590

Summary: CVE-2005-3353 PHP exif data DoS
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: phpAssignee: Joe Orton <jorton>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20051002,reported=20051104,source=php
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-11-25 12:49:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-11-07 17:48:49 UTC 
PHP exif data DoS

An error in the way php processes exif image data has been found.
This flaw will cause PHP to enter an infinite loop when
exif_read_data() against the malicious image.  The PHP process will
continue to consume computing resources until the PHP process is
killed.
http://bugs.php.net/bug.php?id=34704

When run through httpd, the PHP process will eventually timeout and be
killed.  This is only a temporary DoS when PHP is run from httpd..


This issue also affects FC3
Comment 1 Joe Orton 2005-11-25 12:49:24 UTC 
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.