VYPR
Unrated severityNVD Advisory· Published Mar 10, 2007· Updated Jun 16, 2026

CVE-2007-1381

CVE-2007-1381

Description

The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
    • (no CPE)range: 5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.