CVE-2013-2110
PHP < 5.3.26 and 5.4.x < 5.4.16 - Heap-Based Buffer Overflow via quoted_printable_encode
Title source: llmDescription
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/60411
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1872-1
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Various Sources x_refsource_confirm
https://bugs.php.net/bug.php?id=64879
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5880
Scores
EPSS
0.0845
EPSS Percentile
92.5%
Details
CWE
CWE-119
Status
published
Products (46)
php/php
1.0
php/php
2.0
php/php
2.0b10
php/php
3.0
php/php
3.0.1
php/php
3.0.2
php/php
3.0.3
php/php
3.0.4
php/php
3.0.5
php/php
3.0.6
... and 36 more
Published
Jun 21, 2013
Tracked Since
Feb 18, 2026