CVE-2007-1661

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

🔗 References (88)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=198976
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=307179
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=307562
• cve@mitrehttp://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
• cve@mitrehttp://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
• cve@mitrehttp://secunia.com/advisories/27538
• cve@mitrehttp://secunia.com/advisories/27543
• cve@mitrehttp://secunia.com/advisories/27554
• cve@mitrehttp://secunia.com/advisories/27697
• cve@mitrehttp://secunia.com/advisories/27741
• cve@mitrehttp://secunia.com/advisories/27773
• cve@mitrehttp://secunia.com/advisories/28136
• cve@mitrehttp://secunia.com/advisories/28406
• cve@mitrehttp://secunia.com/advisories/28414