CVE-2004-1065
PUBLISHED
CVSS 10 CRITICAL
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
EPSS 7.16% · 91.7th percentile
Risk Scores
- CVSS 2.0: 10
- EPSS Score: 7.16% (91.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| php | php | 5.0.1, 4.3.9, 4.0.7 |
| trustix | secure_linux | 2.0, 2.1, 2.2 |
| openpkg | openpkg | 2.1, 2.2, current |
| n/a | n/a | n/a |
| ubuntu | ubuntu_linux | 4.1, 4.1 |
Exploit Intelligence
- RHSA-2005:032 (circl)
- SUSE-SA:2005:002 (circl)
- http://www.php.net/release_4_3_10.php (circl)
- oval:org.mitre.oval:def:10877 (circl)
- MDKSA-2004:151 (circl)
- FLSA:2344 (circl)
- php-exifreaddata-bo(18517) (circl)
- OpenPKG-SA-2004.053 (circl)
- HPSBMA01212 (circl)
- RHSA-2004:687 (circl)
Timeline
- Dec 22, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Nov 29, 2023 EPSS Score
References
- RHSA-2005:032 vendor-advisory
- SUSE-SA:2005:002 vendor-advisory
- http://www.php.net/release_4_3_10.php url
- oval:org.mitre.oval:def:10877 vdb
- MDKSA-2004:151 vendor-advisory
- FLSA:2344 vendor-advisory
- php-exifreaddata-bo(18517) vdb
- OpenPKG-SA-2004.053 vendor-advisory
- HPSBMA01212 vendor-advisory
- RHSA-2004:687 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2004-1065 advisory