CVE-2007-3944

Apple Safari 3 Beta - Remote Code Execution via JavaScript Regular Expression Handling

Title source: llm
STIX 2.1

Description

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

References (11)

Core 11
Core References
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=306173
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25002
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35577
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2730
Various Sources x_refsource_misc
http://www.securityevaluators.com/iphone/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018439
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=306174
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26287
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2731

Scores

EPSS 0.0653
EPSS Percentile 93.0%

Details

CWE
CWE-119
Status published
Products (3)
apple/iphone_os < 1.0.0
apple/safari 3.0
apple/webkit
Published Jul 23, 2007
Tracked Since Feb 18, 2026