CVE-2007-4768

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

🔗 References (120)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=198976
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=307179
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=307562
• cve@mitrehttp://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
• cve@mitrehttp://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
• cve@mitrehttp://secunia.com/advisories/27538
• cve@mitrehttp://secunia.com/advisories/27543
• cve@mitrehttp://secunia.com/advisories/27554
• cve@mitrehttp://secunia.com/advisories/27697
• cve@mitrehttp://secunia.com/advisories/27741
• cve@mitrehttp://secunia.com/advisories/28136
• cve@mitrehttp://secunia.com/advisories/28157
• cve@mitrehttp://secunia.com/advisories/28161