Published: 31/08/2006 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP prior to 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

Vendor Advisories

The sscanf() function did not properly check array boundaries In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application’s privileges (CVE-2006-4020) ...
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3353 Tim Starling discovered that missing input sanitising in the EXIF module could lead ...