Re: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service
From: John GALLET <john.gallet@xxxxxxxxxx>
Date: Fri, 27 May 2005 10:24:43 +0200 (CEST)
In-reply-to: <m1DbGWj-000oqqC@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi there,


> An iDEFENSE researcher discovered two problems in the image processing
> functions of PHP, a server-side, HTML-embedded scripting language, of
> which one is present in woody as well.  When reading a JPEG image, PHP
> can be tricked into an endless loop due to insufficient input
> validation.

I don't see anything in the latest change logs, could anyone please point
me to more information about this error ? Is it located in the GD php
extension ?

Sincerely,
JG

References:
- [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service
  - From: Martin Schulze

Prev by Date: Citrix security contact
Next by Date: RE: ACROS Security: HTML Injection in BEA WebLogic Server Console (2)
Previous by thread: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service
Next by thread: Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability
Index(es):
- Date
- Thread