Vulnerability Details : CVE-2005-1042
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
Vulnerability category: OverflowExecute code
Threat overview for CVE-2005-1042
Top countries where our scanners detected CVE-2005-1042
Top open port discovered on systems with this issue
80
IPs affected by CVE-2005-1042 2,303
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2005-1042!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2005-1042
Probability of exploitation activity in the next 30 days: 10.81%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-1042
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-1042
-
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33&r2=1.118.2.34&ty=u
Patch
- http://www.redhat.com/support/errata/RHSA-2005-406.html
- http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
-
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021
- http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10822
- https://usn.ubuntu.com/112-1/
- http://www.redhat.com/support/errata/RHSA-2005-405.html
Products affected by CVE-2005-1042
- cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*