CVE-2007-1883

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	4.0.0 (including)	4.0.0 (including)
Php	Php	4.0.1 (including)	4.0.1 (including)
Php	Php	4.0.1-patch1 (including)	4.0.1-patch1 (including)
Php	Php	4.0.1-patch2 (including)	4.0.1-patch2 (including)
Php	Php	4.0.2 (including)	4.0.2 (including)
Php	Php	4.0.3 (including)	4.0.3 (including)
Php	Php	4.0.3-patch1 (including)	4.0.3-patch1 (including)
Php	Php	4.0.4 (including)	4.0.4 (including)
Php	Php	4.0.4-patch1 (including)	4.0.4-patch1 (including)
Php	Php	4.0.5 (including)	4.0.5 (including)
Php	Php	4.0.6 (including)	4.0.6 (including)
Php	Php	4.0.7 (including)	4.0.7 (including)
Php	Php	4.0.7-rc1 (including)	4.0.7-rc1 (including)
Php	Php	4.0.7-rc2 (including)	4.0.7-rc2 (including)
Php	Php	4.0.7-rc3 (including)	4.0.7-rc3 (including)
Php	Php	4.1.0 (including)	4.1.0 (including)
Php	Php	4.1.1 (including)	4.1.1 (including)
Php	Php	4.1.2 (including)	4.1.2 (including)
Php	Php	4.2 (including)	4.2 (including)
Php	Php	4.2.0 (including)	4.2.0 (including)
Php	Php	4.2.1 (including)	4.2.1 (including)
Php	Php	4.2.2 (including)	4.2.2 (including)
Php	Php	4.2.3 (including)	4.2.3 (including)
Php	Php	4.3.0 (including)	4.3.0 (including)
Php	Php	4.3.1 (including)	4.3.1 (including)
Php	Php	4.3.2 (including)	4.3.2 (including)
Php	Php	4.3.3 (including)	4.3.3 (including)
Php	Php	4.3.4 (including)	4.3.4 (including)
Php	Php	4.3.5 (including)	4.3.5 (including)
Php	Php	4.3.6 (including)	4.3.6 (including)
Php	Php	4.3.7 (including)	4.3.7 (including)
Php	Php	4.3.8 (including)	4.3.8 (including)
Php	Php	4.3.9 (including)	4.3.9 (including)
Php	Php	4.3.10 (including)	4.3.10 (including)
Php	Php	4.3.11 (including)	4.3.11 (including)
Php	Php	4.4.0 (including)	4.4.0 (including)
Php	Php	4.4.1 (including)	4.4.1 (including)
Php	Php	4.4.2 (including)	4.4.2 (including)
Php	Php	4.4.3 (including)	4.4.3 (including)
Php	Php	4.4.4 (including)	4.4.4 (including)
Php	Php	4.4.5 (including)	4.4.5 (including)
Php	Php	4.4.6 (including)	4.4.6 (including)
Php	Php	5.0-rc1 (including)	5.0-rc1 (including)
Php	Php	5.0-rc2 (including)	5.0-rc2 (including)
Php	Php	5.0-rc3 (including)	5.0-rc3 (including)
Php	Php	5.0.0 (including)	5.0.0 (including)
Php	Php	5.0.0-beta1 (including)	5.0.0-beta1 (including)
Php	Php	5.0.0-beta2 (including)	5.0.0-beta2 (including)
Php	Php	5.0.0-beta3 (including)	5.0.0-beta3 (including)
Php	Php	5.0.0-beta4 (including)	5.0.0-beta4 (including)
Php	Php	5.0.0-rc1 (including)	5.0.0-rc1 (including)
Php	Php	5.0.0-rc2 (including)	5.0.0-rc2 (including)
Php	Php	5.0.0-rc3 (including)	5.0.0-rc3 (including)
Php	Php	5.0.1 (including)	5.0.1 (including)
Php	Php	5.0.2 (including)	5.0.2 (including)
Php	Php	5.0.3 (including)	5.0.3 (including)
Php	Php	5.0.4 (including)	5.0.4 (including)
Php	Php	5.0.5 (including)	5.0.5 (including)
Php	Php	5.1.0 (including)	5.1.0 (including)
Php	Php	5.1.1 (including)	5.1.1 (including)
Php	Php	5.1.2 (including)	5.1.2 (including)
Php	Php	5.1.3 (including)	5.1.3 (including)
Php	Php	5.1.4 (including)	5.1.4 (including)
Php	Php	5.1.5 (including)	5.1.5 (including)
Php	Php	5.1.6 (including)	5.1.6 (including)
Php	Php	5.2.0 (including)	5.2.0 (including)
Php	Php	5.2.1 (including)	5.2.1 (including)
Php4	Ubuntu	dapper	*
Php4	Ubuntu	edgy	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1883
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References