Showing 1 - 3 of 3

CVE-2007-4661

Status Candidate

Overview

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.

Related Files

Ubuntu Security Notice 549-2: Posted Dec 4, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 549-2 - USN-549-1 fixed vulnerabilities in PHP. However, some upstream changes were incomplete, which caused crashes in certain situations with Ubuntu 7.10.; tags | advisory, php, vulnerability; systems | linux, ubuntu; advisories | CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899; SHA-256 | 9a0a4a1d82e27e9d74bb5eb17c3168dc8ab295a00a313b9b1b95a786a5cb345f; Download | Favorite | View

Ubuntu Security Notice 549-1: Posted Nov 30, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.; tags | advisory, denial of service, overflow, arbitrary, php, vulnerability, code execution; systems | linux, ubuntu; advisories | CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899; SHA-256 | 82dae6b629e189b7e2d3dfbad033c409a70c0f0886d117b786a64d4164df2e82; Download | Favorite | View

Gentoo Linux Security Advisory 200710-2: Posted Oct 9, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200710-02 - Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows. Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow. Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow. A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 was not fixed correctly. Versions less than 5.2.4_p20070914-r2 are affected.; tags | advisory, overflow, php, vulnerability; systems | linux, gentoo; advisories | CVE-2007-1883, CVE-2007-1887, CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007, CVE-2007-3378, CVE-2007-3806, CVE-2007-3996, CVE-2007-3997, CVE-2007-3998, CVE-2007-4652, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662; SHA-256 | 0954c820cef174c83409c66ee739a3d9955c800b776a51d4b17c9452a9f19875; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 20 files
Apple 14 files
LiquidWorm 11 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2007-4661

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems