Computer Security
[EN] securityvulns.ru no-pyccku


PHP zip_entry_read() function integer overflow
updated since 29.03.2007
Published:31.03.2007
Source:
SecurityVulns ID:7492
Type:library
Threat Level:
6/10
Description:Integer overflow leads to heap memory buffer overflow.
Affected:PHP : PHP 4.4
CVE:CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.)
Original documentdocumentPHP-SECURITY, MOPB-35-2007:PHP 4 zip_entry_read() Integer Overflow Vulnerability (29.03.2007)
Files:PHP 4 zip_entry_read() Integer Overflow Vulnerability
 PHP 4 zip_entry_read() Integer Overflow Vulnerability (test archive)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod