The PHP Development Team released updates to the PHP 4 and 5 code base, fixing two security vulnerabilities that open the door to Denial-of-Service (DoS) attacks.

PHP is an open source scripting language. In February, a researcher found that two functions used in PHP 4 and 5 to handle image uploads (php_handle_iff and php_handle_jpeg) could be made to enter infinite loops.
The infinite loop, in turn, consumes 100% of the system's CPU and brings the system down. Both vulnerabilities require the attacker to upload a malicious image that is passed to the getimagesize() routine, and they affect PHP versions 4.2.2, 4.3.9, 4.3.10 and 5.0.3. The routine is used to determine the size and dimensions of image file formats like GIF, JPEG and TIFF.

At risk are sites running PHP that permit users to upload images to the Web server, like photo blogs or wikis. Michael Sutton, director of iDefense labs, said the vulnerabilities are not considered critical bugs because they only bring down the system; the bugs will not permit a malicious hacker to take over the Web server.
"It's reasonably important in that you are taking out a Web server and refusing other people access to it, but the thing that makes it not critical is that you cannot run any code on that server," he said.

The php_handle_iff() bug is triggered when a user-defined file-stream size and size variable are set to opposing values, 8 and -8 for example.
Insufficient validation of JPEG image file headers led to the vulnerability in the php_handle_jpeg() function. The vulnerability can be triggered if an invalid marker in the stream is passed through the php_next_marker() function, causing the function to point to two bytes of the file when it returns to the for loop in php_handle_jpeg().
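The php_handle_iff() description above, illustrated as an added example that is not PHP's source code: a simplified chunk walker showing why a signed size field that cancels out the header length stops forward progress, next to a version that validates the size. The 8-byte header layout, the reading of "8 and -8" as header length versus chunk size, and all names and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_HDR    8      /* assumed layout: 4-byte tag + 4-byte big-endian size */
#define MAX_STEPS    1000   /* demo-only cap so the unvalidated walk terminates */
#define ERR_BAD_SIZE (-1)   /* validating walker rejected a size field */
#define ERR_STALLED  (-2)   /* unvalidated walker made no forward progress */

/* Constructed samples: two well-formed chunks, and one chunk whose size is -8. */
static const unsigned char sample_ok[] = {'A','N','N','O',0,0,0,4,'t','e','s','t',
                                          'B','O','D','Y',0,0,0,0};
static const unsigned char sample_stall[] = {'A','N','N','O',0xFF,0xFF,0xFF,0xF8};

/* Read a big-endian 32-bit field as a SIGNED value, the root of the problem. */
static int32_t be32s(const unsigned char *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Walk chunks and return how many were seen, or a negative error code.
 * validate == 0 trusts the size field; validate != 0 requires
 * 0 <= size <= bytes remaining after the header, which guarantees progress. */
int walk_chunks(const unsigned char *buf, size_t len, int validate) {
    size_t pos = 0;
    int chunks = 0, steps = 0;
    while (len - pos >= CHUNK_HDR) {
        int32_t size = be32s(buf + pos + 4);
        if (validate && (size < 0 || (size_t)size > len - pos - CHUNK_HDR))
            return ERR_BAD_SIZE;
        int64_t next = (int64_t)pos + CHUNK_HDR + size;
        if (next < 0 || next > (int64_t)len)
            break;                  /* a stream seek would fail here: stop */
        if (++steps > MAX_STEPS)
            return ERR_STALLED;     /* header (8) + size (-8) == 0 bytes advanced */
        pos = (size_t)next;
        chunks++;
    }
    return chunks;
}

int main(void) {
    printf("ok, validated:      %d\n", walk_chunks(sample_ok, sizeof sample_ok, 1));
    printf("size -8, unchecked: %d\n", walk_chunks(sample_stall, sizeof sample_stall, 0));
    printf("size -8, validated: %d\n", walk_chunks(sample_stall, sizeof sample_stall, 1));
    return 0;
}
```

Without the step cap, the unvalidated walk would re-read the same header forever, which is the CPU exhaustion the article describes.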