CVE-2007-3294

PHP - Memory Corruption

Description

Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · php · local · windows
https://www.exploit-db.com/exploits/4080

Scores

EPSS 0.0702
EPSS Percentile 91.5%

Details

CWE CWE-119
Status published
Products (1)
php/php 5.2.3
Published Jun 20, 2007
Tracked Since Feb 18, 2026