Описание
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php5 | fixed | 5.4.4-1 | package | |
| php5 | no-dsa | squeeze | package |
Примечания
https://bugzilla.gnome.org/show_bug.cgi?id=631551
Not sure when this was initially fixed, tested with the initial Wheezy version 5.4.4
and the reproducer from https://bugs.launchpad.net/php/%2Bbug/655442
EPSS
Связанные уязвимости
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
Уязвимость компонента XMLWriter интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию
EPSS