SecuritySpace - CVE-2007-3294

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2007-3294

Description: Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-3294
https://www.exploit-db.com/exploits/4080
http://osvdb.org/36853
http://secunia.com/advisories/25735
XForce ISS Database: php-tidy-parsestring-bo(34931)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34931

CVE ID:	CVE-2007-3294
Description:	Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3294 https://www.exploit-db.com/exploits/4080 http://osvdb.org/36853 http://secunia.com/advisories/25735 XForce ISS Database: php-tidy-parsestring-bo(34931) https://exchange.xforce.ibmcloud.com/vulnerabilities/34931