CVE-2007-3944
Apple Safari 3 Beta - Remote Code Execution via JavaScript Regular Expression Handling
Title source: llmDescription
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
References (11)
Core 11
Core References
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=306173
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25002
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35577
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2730
Various Sources x_refsource_misc
http://www.securityevaluators.com/iphone/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018439
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=306174
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26287
Various Sources x_refsource_misc
http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2731
Various Sources x_refsource_misc
http://www.securityevaluators.com/iphone/exploitingiphone.pdf
Scores
EPSS
0.0653
EPSS Percentile
93.0%
Details
CWE
CWE-119
Status
published
Products (3)
apple/iphone_os
< 1.0.0
apple/safari
3.0
apple/webkit
Published
Jul 23, 2007
Tracked Since
Feb 18, 2026