CVE-2004-1065

NONE EPSS 95.1%
Published Jan 10, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Threat Intelligence

EPSS Exploit Probability: 95.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products 65

Vendor    Product       Version   Range
openpkg   openpkg       2.1       any
openpkg   openpkg       2.2       any
openpkg   openpkg       current   any
php       php           3.0       any
php       php           3.0.1     any
php       php           3.0.2     any
php       php           3.0.3     any
php       php           3.0.4     any
php       php           3.0.5     any
php       php           3.0.6     any
php       php           3.0.7     any
php       php           3.0.8     any
php       php           3.0.9     any
php       php           3.0.10    any
php       php           3.0.11    any
php       php           3.0.12    any
php       php           3.0.13    any
php       php           3.0.14    any
php       php           3.0.15    any
php       php           3.0.16    any
php       php           3.0.17    any
php       php           3.0.18    any
php       php           4.0       any
php       php           4.0.1     any
php       php           4.0.1     any
php       php           4.0.1     any
php       php           4.0.2     any
php       php           4.0.3     any
php       php           4.0.3     any
php       php           4.0.4     any
php       php           4.0.5     any
php       php           4.0.6     any
php       php           4.0.7     any
php       php           4.0.7     any
php       php           4.0.7     any
php       php           4.0.7     any
php       php           4.1.0     any
php       php           4.1.1     any
php       php           4.1.2     any
php       php           4.2       any
php       php           4.2.0     any
php       php           4.2.1     any
php       php           4.2.2     any
php       php           4.2.3     any
php       php           4.3.0     any
php       php           4.3.1     any
php       php           4.3.2     any
php       php           4.3.3     any
php       php           4.3.4     any
php       php           4.3.5     any
php       php           4.3.6     any
php       php           4.3.7     any
php       php           4.3.8     any
php       php           4.3.9     any
php       php           5.0       any
php       php           5.0       any
php       php           5.0       any
php       php           5.0.0     any
php       php           5.0.1     any
php       php           5.0.2     any
trustix   secure_linux  2.0       any
trustix   secure_linux  2.1       any
trustix   secure_linux  2.2       any
ubuntu    ubuntu_linux  4.1       any
ubuntu    ubuntu_linux  4.1       any

References 10

  • msgs.securepoint.com http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
  • novell.com http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html
  • php.net http://www.php.net/release_4_3_10.php
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-687.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-032.html
  • securityfocus.com http://www.securityfocus.com/advisories/9028
  • bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2344
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18517
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10877

Remediation

  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-687.html
    Patch, Vendor Advisory