CVE-2007-1777
Published: Mar 30, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| DSA-1283 | vendor-advisory, x_refsource_DEBIAN |
| http://www.php-security.org/MOPB/MOPB-35-2007.html | x_refsource_MISC |
| 25062 | third-party-advisory, x_refsource_SECUNIA |
| 23169 | vdb-entry, x_refsource_BID |
| php-zipreadentry-bo(33652) | vdb-entry, x_refsource_XF |
| DSA-1282 | vendor-advisory, x_refsource_DEBIAN |
| MDVSA-2008:130 | vendor-advisory, x_refsource_MANDRIVA |
| 25025 | third-party-advisory, x_refsource_SECUNIA |