PHP iptcembed() function information leak
Published:		31.03.2007
Source:		PHP-SECURITY
SecurityVulns ID:		7514
Type:		remote
Level:		5/10
Description:		Uninitialized memory region is returned on invalid function termination.

Affected:		PHP : PHP 4.4
		PHP : PHP 5.2
CVE:		CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.)

Original document

PHP-SECURITY, MOPB-37-2007:PHP iptcembed() Interruption Information Leak Vulnerability (31.03.2007)

Files:		Exploits PHP iptcembed() Interruption Information Leak Vulnerability
Discuss:		Read or add your comments to this news (0 comments)