VYPR
Critical severity9.8NVD Advisory· Published Mar 10, 2007· Updated Jun 16, 2026

CVE-2007-1399

CVE-2007-1399

Description

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • PHP/PHPinferred4 versions
    >=5.2.0,<=5.2.1+ 3 more
    • (no CPE)range: >=5.2.0,<=5.2.1
    • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    • (no CPE)range: 5.2.0 - 5.2.1
  • cpe:2.3:a:pierrejoye:php_zip:*:*:*:*:*:php:*:*
    Range: <1.8.4
  • Range: <=1.8.3

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.