PT-2007-2965 · Php · Php+1

Stefan Esser

Published

2007-03-21

Updated

2018-10-30

CVE-2007-1582

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions 4.0.0 through 4.4.6 PHP versions 5.0.0 through 5.2.1

Description The issue allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD extension and other extensions via a userspace error handler. This can be used to destroy and modify internal resources.

Recommendations For PHP versions 4.0.0 through 4.4.6, update to a version outside of this range to mitigate the risk. For PHP versions 5.0.0 through 5.2.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the use of the GD extension and other affected extensions until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1582

Affected Products

Gd Extension

Php

PT-2007-2965 · Php · Php+1

CVE-2007-1582

Related Identifiers

Affected Products

References · 7