CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
94.2%
Two Denial of Service vulnerabilities have been discovered in the
getimagesize() function. getimagesize() uses format specific internal
functions php_handle_iff() and php_handle_jpeg() which get stuck in
infinite loops when certain (invalid) size parameters are read from
the image. In web applications that allow users to upload arbitrary
image files, a remote attacker could render the server unavailable by
uploading specially crafted images.