PT-2007-2806 · Clibpdf+1
Rgod · Published 2007-03-12 · Updated 2017-10-11 · CVE-2007-1412
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PHP version 4.4.6
Description
The issue allows context-dependent attackers to obtain sensitive information, specifically script source code, by providing a long string in the second argument to the cpdf_open function in the ClibPDF (cpdf) extension.
Recommendations
For PHP version 4.4.6, consider restricting the use of the cpdf_open function until a patch is available, or apply configuration changes to limit the input length for the second argument to prevent exploitation.
Exploit
Fix
Related Identifiers
Affected Products
Clibpdf
Php