CVE-2007-4767

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.

🔗 References (88)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=198976
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=307179
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=307562
• cve@mitrehttp://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
• cve@mitrehttp://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
• cve@mitrehttp://secunia.com/advisories/27538
• cve@mitrehttp://secunia.com/advisories/27543
• cve@mitrehttp://secunia.com/advisories/27554
• cve@mitrehttp://secunia.com/advisories/27697
• cve@mitrehttp://secunia.com/advisories/27741
• cve@mitrehttp://secunia.com/advisories/27773
• cve@mitrehttp://secunia.com/advisories/28136
• cve@mitrehttp://secunia.com/advisories/28406
• cve@mitrehttp://secunia.com/advisories/28414