CVE-2007-1824 | Vulnerability Database | Aqua Security

Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the . character.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	5.0.0 (including)	5.0.0 (including)
Php	Php	5.0.1 (including)	5.0.1 (including)
Php	Php	5.0.2 (including)	5.0.2 (including)
Php	Php	5.0.3 (including)	5.0.3 (including)
Php	Php	5.0.4 (including)	5.0.4 (including)
Php	Php	5.0.5 (including)	5.0.5 (including)
Php	Php	5.1.0 (including)	5.1.0 (including)
Php	Php	5.1.1 (including)	5.1.1 (including)
Php	Php	5.1.2 (including)	5.1.2 (including)
Php	Php	5.1.3 (including)	5.1.3 (including)
Php	Php	5.1.4 (including)	5.1.4 (including)
Php	Php	5.1.5 (including)	5.1.5 (including)
Php	Php	5.1.6 (including)	5.1.6 (including)
Php	Php	5.2.0 (including)	5.2.0 (including)
Php5	Ubuntu	dapper	*
Php5	Ubuntu	devel	*
Php5	Ubuntu	edgy	*
Php5	Ubuntu	feisty	*
Php5	Ubuntu	upstream	*

References

http://secunia.com/advisories/25056
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-42-2007.html
http://www.securityfocus.com/bid/23237
http://www.ubuntu.com/usn/usn-455-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/33729
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-42-2007.html
http://www.securityfocus.com/bid/23237
http://www.ubuntu.com/usn/usn-455-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/33729

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1824
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html