Unrated severityNVD Advisory· Published Mar 10, 2007· Updated Apr 23, 2026

CVE-2007-1381

Description

The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.

Affected products

PHP/PHP
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.php-security.org/MOPB/MOPB-09-2007.htmlnvdExploit
cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.cnvd
cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.cnvd
www.osvdb.org/32775nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000