Upstream information
Description
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 7.8 |
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | None |
| Availability Impact | None |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 03:01:34 2013CVE page last modified: Fri Oct 7 12:45:36 2022