CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1065

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile30.09th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Affected Platforms (CPE)

πŸ“¦
Openpkg

Openpkg

= 2.1
πŸ“¦
Openpkg

Openpkg

= 2.2
πŸ“¦
Openpkg

Openpkg

= current
πŸ“¦
Php

Php

= 3.0
πŸ“¦
Php

Php

= 3.0.1
πŸ“¦
Php

Php

= 3.0.2
πŸ“¦
Php

Php

= 3.0.3
πŸ“¦
Php

Php

= 3.0.4
πŸ“¦
Php

Php

= 3.0.5
πŸ“¦
Php

Php

= 3.0.6
πŸ“¦
Php

Php

= 3.0.7
πŸ“¦
Php

Php

= 3.0.8
πŸ“¦
Php

Php

= 3.0.9
πŸ“¦
Php

Php

= 3.0.10
πŸ“¦
Php

Php

= 3.0.11
πŸ“¦
Php

Php

= 3.0.12
πŸ“¦
Php

Php

= 3.0.13
πŸ“¦
Php

Php

= 3.0.14
πŸ“¦
Php

Php

= 3.0.15
πŸ“¦
Php

Php

= 3.0.16
πŸ“¦
Php

Php

= 3.0.17
πŸ“¦
Php

Php

= 3.0.18
πŸ“¦
Php

Php

= 4.0
πŸ“¦
Php

Php

= 4.0.1
πŸ“¦
Php

Php

= 4.0.1
πŸ“¦
Php

Php

= 4.0.1
πŸ“¦
Php

Php

= 4.0.2
πŸ“¦
Php

Php

= 4.0.3
πŸ“¦
Php

Php

= 4.0.3
πŸ“¦
Php

Php

= 4.0.4
πŸ“¦
Php

Php

= 4.0.5
πŸ“¦
Php

Php

= 4.0.6
πŸ“¦
Php

Php

= 4.0.7
πŸ“¦
Php

Php

= 4.0.7
πŸ“¦
Php

Php

= 4.0.7
πŸ“¦
Php

Php

= 4.0.7
πŸ“¦
Php

Php

= 4.1.0
πŸ“¦
Php

Php

= 4.1.1
πŸ“¦
Php

Php

= 4.1.2
πŸ“¦
Php

Php

= 4.2
πŸ“¦
Php

Php

= 4.2.0
πŸ“¦
Php

Php

= 4.2.1
πŸ“¦
Php

Php

= 4.2.2
πŸ“¦
Php

Php

= 4.2.3
πŸ“¦
Php

Php

= 4.3.0
πŸ“¦
Php

Php

= 4.3.1
πŸ“¦
Php

Php

= 4.3.2
πŸ“¦
Php

Php

= 4.3.3
πŸ“¦
Php

Php

= 4.3.4
πŸ“¦
Php

Php

= 4.3.5
πŸ“¦
Php

Php

= 4.3.6
πŸ“¦
Php

Php

= 4.3.7
πŸ“¦
Php

Php

= 4.3.8
πŸ“¦
Php

Php

= 4.3.9
πŸ“¦
Php

Php

= 5.0
πŸ“¦
Php

Php

= 5.0
πŸ“¦
Php

Php

= 5.0
πŸ“¦
Php

Php

= 5.0.0
πŸ“¦
Php

Php

= 5.0.1
πŸ“¦
Php

Php

= 5.0.2
πŸ’»
Trustix

Secure Linux

= 2.0
πŸ’»
Trustix

Secure Linux

= 2.1
πŸ’»
Trustix

Secure Linux

= 2.2
πŸ’»
Ubuntu

Ubuntu Linux

= 4.1
πŸ’»
Ubuntu

Ubuntu Linux

= 4.1

References & Advisories

πŸ”— http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
πŸ”— http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
πŸ”— http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html
πŸ”— http://www.php.net/release_4_3_10.php
πŸ”— http://www.redhat.com/support/errata/RHSA-2004-687.html
πŸ”— http://www.redhat.com/support/errata/RHSA-2005-032.html
πŸ”— http://www.securityfocus.com/advisories/9028
πŸ”— https://bugzilla.fedora.us/show_bug.cgi?id=2344

Related Vulnerabilities

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-105010.0

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME a...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-176010.0

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not ...