CVE-2007-1660

Name of the Vulnerable Software and Affected Versions libpcre versions prior to 7.0 libpcre3 versions prior to 7.0 libpcrecpp0 version not specified pcre-32bit version not specified pcregrep version not specified pcre-devel version not specified libpcre3-dev version not specified pgrep version not specified

Description The issue concerns multiple vulnerabilities in the PCRE library, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The problem is related to the improper calculation of sizes for unspecified "multiple forms of character class" in the Perl-Compatible Regular Expression (PCRE) library before version 7.0, triggering a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Recommendations For libpcre versions prior to 7.0, update to version 7.0 or later. For libpcre3 versions prior to 7.0, update to version 7.0 or later. For libpcrecpp0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For pcre-32bit, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For pcregrep, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For pcre-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For libpcre3-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For pgrep, at the moment, there is no information about a newer version that contains a fix for this vulnerability.