Your submission was sent successfully! Close

CVE-2007-1376

Published: 10 March 2007

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

Priority

Unknown

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream
Released (5.2.1)