PT-2007-4572 · Html Tidy+1 · Libtidy+1

Rgod · Published 2007-06-20 · Updated 2017-10-11 · CVE-2007-3294

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Tidy extension for PHP version 5.2.3

Description

The issue is related to multiple buffer overflows in libtidy, which context-dependent attackers can exploit to execute arbitrary code. The overflow is reached through a long second argument to the tidy_parse_string function or an unspecified vector to the tidy_repair_string function. The problem might be specific to environments where vsnprintf is implemented as a wrapper for vsprintf.

Recommendations

For Tidy extension for PHP version 5.2.3, consider restricting the input to the tidy_parse_string and tidy_repair_string functions to prevent buffer overflows until a patch is available. As a temporary workaround, avoid using the tidy_parse_string and tidy_repair_string functions with untrusted input.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-3294

Affected Products

Tidy Extension For Php
Libtidy