The Common Vu...
It was discovered that an integer overflow in the str_replace()
function could lead to the execution of arbitrary code.

CVE-2007-0907
It was discovered that a buffer underflow in the sapi_header_op()
function could crash the PHP interpreter.

CVE-2007-0908
Stefan Esser discovered that a programming error in the wddx
extension allows information disclosure.

CVE-2007-0909
It was discovered that a format string vulnerability in the
odbc_result_all() function allows the execution of arbitrary code.

CVE-2007-0910
It was discovered that super-global variables could be overwritten
with session data.

CVE-2007-0988
Stefan Esser discovered that the zend_hash_init() function could
be tricked into an endless loop, allowing denial of service through
resource consumption until a timeout is triggered.

For the stable distribution (sarge) these problems have been fixed in
version 4:4.3.10-19.
For the unstable distribution (sid) these p...