CVE-2004-1065

Current Description

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Basic Data

PublishedJanuary 10, 2005
Last ModifiedOctober 30, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOpenpkgOpenpkg2.1*******
    2.3ApplicationOpenpkgOpenpkg2.2*******
    2.3ApplicationOpenpkgOpenpkgcurrent*******
    2.3ApplicationPhpPhp3.0*******
    2.3ApplicationPhpPhp3.0.1*******
    2.3ApplicationPhpPhp3.0.2*******
    2.3ApplicationPhpPhp3.0.3*******
    2.3ApplicationPhpPhp3.0.4*******
    2.3ApplicationPhpPhp3.0.5*******
    2.3ApplicationPhpPhp3.0.6*******
    2.3ApplicationPhpPhp3.0.7*******
    2.3ApplicationPhpPhp3.0.8*******
    2.3ApplicationPhpPhp3.0.9*******
    2.3ApplicationPhpPhp3.0.10*******
    2.3ApplicationPhpPhp3.0.11*******
    2.3ApplicationPhpPhp3.0.12*******
    2.3ApplicationPhpPhp3.0.13*******
    2.3ApplicationPhpPhp3.0.14*******
    2.3ApplicationPhpPhp3.0.15*******
    2.3ApplicationPhpPhp3.0.16*******
    2.3ApplicationPhpPhp3.0.17*******
    2.3ApplicationPhpPhp3.0.18*******
    2.3ApplicationPhpPhp4.0*******
    2.3ApplicationPhpPhp4.0.1*******
    2.3ApplicationPhpPhp4.0.1patch1******
    2.3ApplicationPhpPhp4.0.1patch2******
    2.3ApplicationPhpPhp4.0.2*******
    2.3ApplicationPhpPhp4.0.3*******
    2.3ApplicationPhpPhp4.0.3patch1******
    2.3ApplicationPhpPhp4.0.4*******
    2.3ApplicationPhpPhp4.0.5*******
    2.3ApplicationPhpPhp4.0.6*******
    2.3ApplicationPhpPhp4.0.7*******
    2.3ApplicationPhpPhp4.0.7rc1******
    2.3ApplicationPhpPhp4.0.7rc2******
    2.3ApplicationPhpPhp4.0.7rc3******
    2.3ApplicationPhpPhp4.1.0*******
    2.3ApplicationPhpPhp4.1.1*******
    2.3ApplicationPhpPhp4.1.2*******
    2.3ApplicationPhpPhp4.2*dev*****
    2.3ApplicationPhpPhp4.2.0*******
    2.3ApplicationPhpPhp4.2.1*******
    2.3ApplicationPhpPhp4.2.2*******
    2.3ApplicationPhpPhp4.2.3*******
    2.3ApplicationPhpPhp4.3.0*******
    2.3ApplicationPhpPhp4.3.1*******
    2.3ApplicationPhpPhp4.3.2*******
    2.3ApplicationPhpPhp4.3.3*******
    2.3ApplicationPhpPhp4.3.4*******
    2.3ApplicationPhpPhp4.3.5*******
    2.3ApplicationPhpPhp4.3.6*******
    2.3ApplicationPhpPhp4.3.7*******
    2.3ApplicationPhpPhp4.3.8*******
    2.3ApplicationPhpPhp4.3.9*******
    2.3ApplicationPhpPhp5.0rc1******
    2.3ApplicationPhpPhp5.0rc2******
    2.3ApplicationPhpPhp5.0rc3******
    2.3ApplicationPhpPhp5.0.0*******
    2.3ApplicationPhpPhp5.0.1*******
    2.3ApplicationPhpPhp5.0.2*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSTrustixSecure Linux2.0*******
    2.3OSTrustixSecure Linux2.1*******
    2.3OSTrustixSecure Linux2.2*******
    2.3OSUbuntuUbuntu Linux4.1*ia64*****
    2.3OSUbuntuUbuntu Linux4.1*ppc*****

Vulnerable Software List

VendorProductVersions
Openpkg Openpkg 2.1, 2.2, current
Ubuntu Ubuntu Linux 4.1
Php Php 3.0, 3.0.1, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1.0, 4.1.1, 4.1.2, 4.2, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 5.0, 5.0.0, 5.0.1, 5.0.2
Trustix Secure Linux 2.0, 2.1, 2.2

References

NameSourceURLTags
OpenPKG-SA-2004.053http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.htmlOPENPKG
MDKSA-2004:151http://www.mandriva.com/security/advisories?name=MDKSA-2004:151MANDRAKE
SUSE-SA:2005:002http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.htmlSUSE
http://www.php.net/release_4_3_10.phphttp://www.php.net/release_4_3_10.phpCONFIRM
RHSA-2004:687http://www.redhat.com/support/errata/RHSA-2004-687.htmlREDHATPatch Vendor Advisory
RHSA-2005:032http://www.redhat.com/support/errata/RHSA-2005-032.htmlREDHAT
HPSBMA01212http://www.securityfocus.com/advisories/9028HP
FLSA:2344https://bugzilla.fedora.us/show_bug.cgi?id=2344FEDORA
php-exifreaddata-bo(18517)https://exchange.xforce.ibmcloud.com/vulnerabilities/18517XF
oval:org.mitre.oval:def:10877https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10877OVAL