VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 17, 2003· Updated Jun 16, 2026

CVE-2003-0861

CVE-2003-0861

Description

Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

26
  • PHP/PHP26 versions
    cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
    • (no CPE)range: <4.3.3

Patches

Vulnerability mechanics

Root cause

"Integer overflow in base64_encode and the GD library in PHP before 4.3.3."

Attack vector

The advisory [ref_id=1] records that integer overflows were fixed in `base64_encode` and the GD library in PHP before 4.3.3. No attack vector, preconditions, or exploitation scenario is described — the Changelog entries simply state that the bugs were addressed. Because the advisory lacks any payload shape, network path, or attacker requirements, the specific mechanism an attacker would use remains unknown from this source.

What the fix does

The patch (not included in the bundle) is referenced only via the changelog entry for PHP 4.3.3 [ref_id=1], which states that integer overflows in `base64_encode` and the GD library were fixed. Without seeing the diff, the precise changes — such as adding bounds checks or using wider integer types — cannot be confirmed. The advisory recommends upgrading to PHP 4.3.3 or later to obtain the fixes.

Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.