CVE Vulnerabilities

CVE-2007-1883

Published: Apr 06, 2007 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.

Affected Software

Name Vendor Start Version End Version
Php Php 4.3.9 4.3.9
Php Php 5.1.5 5.1.5
Php Php 5.1.2 5.1.2
Php Php 4.2.0 4.2.0
Php Php 5.1.1 5.1.1
Php Php 4.4.4 4.4.4
Php Php 5.0.0 5.0.0
Php Php 4.1.0 4.1.0
Php Php 5.1.6 5.1.6
Php Php 4.3.4 4.3.4
Php Php 4.0.4 4.0.4
Php Php 4.3.0 4.3.0
Php Php 4.0.5 4.0.5
Php Php 5.0 5.0
Php Php 5.0.5 5.0.5
Php Php 4.3.6 4.3.6
Php Php 5.0.1 5.0.1
Php Php 5.1.4 5.1.4
Php Php 4.0.7 4.0.7
Php Php 4.3.7 4.3.7
Php Php 5.0.4 5.0.4
Php Php 4.0.7 4.0.7
Php Php 4.2.2 4.2.2
Php Php 4.4.2 4.4.2
Php Php 4.3.2 4.3.2
Php Php 4.3.11 4.3.11
Php Php 4.0.0 4.0.0
Php Php 4.0.3 4.0.3
Php Php 4.0.7 4.0.7
Php Php 4.0.2 4.0.2
Php Php 4.3.3 4.3.3
Php Php 5.0 5.0
Php Php 4.1.1 4.1.1
Php Php 4.4.3 4.4.3
Php Php 5.0.0 5.0.0
Php Php 5.0.3 5.0.3
Php Php 4.2.3 4.2.3
Php Php 5.1.0 5.1.0
Php Php 4.4.5 4.4.5
Php Php 4.0.1 4.0.1
Php Php 5.0.0 5.0.0
Php Php 4.0.1 4.0.1
Php Php 4.0.6 4.0.6
Php Php 5.2.0 5.2.0
Php Php 5.0 5.0
Php Php 4.1.2 4.1.2
Php Php 5.0.0 5.0.0
Php Php 4.0.7 4.0.7
Php Php 4.3.1 4.3.1
Php Php 5.1.3 5.1.3
Php Php 4.4.0 4.4.0
Php Php 4.3.10 4.3.10
Php Php 4.2.1 4.2.1
Php Php 5.0.0 5.0.0
Php Php 4.0.4 4.0.4
Php Php 4.0.1 4.0.1
Php Php 5.0.2 5.0.2
Php Php 4.4.6 4.4.6
Php Php 4.2 4.2
Php Php 4.4.1 4.4.1
Php Php 5.2.1 5.2.1
Php Php 4.0.3 4.0.3
Php Php 5.0.0 5.0.0
Php Php 5.0.0 5.0.0
Php Php 4.3.8 4.3.8
Php Php 4.3.5 4.3.5
Php Php 5.0.0 5.0.0

References