CVE-2007-4661
PHP 5.2.3 - Heap-Based Buffer Overflow in chunk_split Function
Title source: llmDescription
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
References (14)
Core 14
Core References
Various Sources x_refsource_confirm
https://launchpad.net/bugs/173043
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28658
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27864
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.2.4
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/549-1/
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1702
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26838
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27102
Patch x_refsource_confirm
http://www.php.net/releases/5_2_4.php
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-549-2
Exploit x_refsource_misc
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59
Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26642
Scores
EPSS
0.0461
EPSS Percentile
89.4%
Details
CWE
CWE-119
CWE-399
Status
published
Products (1)
php/php
5.2.3
Published
Sep 04, 2007
Tracked Since
Feb 18, 2026