CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2004-1065

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile30.09th
Published2005年1月10日
Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Affected Platforms (CPE)

📦
Openpkg

Openpkg

= 2.1
📦
Openpkg

Openpkg

= 2.2
📦
Openpkg

Openpkg

= current
📦
Php

Php

= 3.0
📦
Php

Php

= 3.0.1
📦
Php

Php

= 3.0.2
📦
Php

Php

= 3.0.3
📦
Php

Php

= 3.0.4
📦
Php

Php

= 3.0.5
📦
Php

Php

= 3.0.6
📦
Php

Php

= 3.0.7
📦
Php

Php

= 3.0.8
📦
Php

Php

= 3.0.9
📦
Php

Php

= 3.0.10
📦
Php

Php

= 3.0.11
📦
Php

Php

= 3.0.12
📦
Php

Php

= 3.0.13
📦
Php

Php

= 3.0.14
📦
Php

Php

= 3.0.15
📦
Php

Php

= 3.0.16
📦
Php

Php

= 3.0.17
📦
Php

Php

= 3.0.18
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0.1
📦
Php

Php

= 4.0.1
📦
Php

Php

= 4.0.1
📦
Php

Php

= 4.0.2
📦
Php

Php

= 4.0.3
📦
Php

Php

= 4.0.3
📦
Php

Php

= 4.0.4
📦
Php

Php

= 4.0.5
📦
Php

Php

= 4.0.6
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.1.0
📦
Php

Php

= 4.1.1
📦
Php

Php

= 4.1.2
📦
Php

Php

= 4.2
📦
Php

Php

= 4.2.0
📦
Php

Php

= 4.2.1
📦
Php

Php

= 4.2.2
📦
Php

Php

= 4.2.3
📦
Php

Php

= 4.3.0
📦
Php

Php

= 4.3.1
📦
Php

Php

= 4.3.2
📦
Php

Php

= 4.3.3
📦
Php

Php

= 4.3.4
📦
Php

Php

= 4.3.5
📦
Php

Php

= 4.3.6
📦
Php

Php

= 4.3.7
📦
Php

Php

= 4.3.8
📦
Php

Php

= 4.3.9
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.1
📦
Php

Php

= 5.0.2
💻
Trustix

Secure Linux

= 2.0
💻
Trustix

Secure Linux

= 2.1
💻
Trustix

Secure Linux

= 2.2
💻
Ubuntu

Ubuntu Linux

= 4.1
💻
Ubuntu

Ubuntu Linux

= 4.1

References & Advisories

🔗 http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
🔗 http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html
🔗 http://www.php.net/release_4_3_10.php
🔗 http://www.redhat.com/support/errata/RHSA-2004-687.html
🔗 http://www.redhat.com/support/errata/RHSA-2005-032.html
🔗 http://www.securityfocus.com/advisories/9028
🔗 https://bugzilla.fedora.us/show_bug.cgi?id=2344

相關漏洞威脅

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-129010.0

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a...