Unrated severityNVD Advisory· Published Jun 4, 2007· Updated Jun 16, 2026
CVE-2007-2872
CVE-2007-2872
Description
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=4.4.7
- cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- (no CPE)range: >=5.0,<5.2.3
Patches
Vulnerability mechanics
References
58- www.php.net/releases/5_2_3.phpnvdPatch
- rhn.redhat.com/errata/RHSA-2007-0889.htmlnvdVendor Advisory
- secunia.com/advisories/25456nvdVendor Advisory
- secunia.com/advisories/25535nvdVendor Advisory
- secunia.com/advisories/26048nvdVendor Advisory
- secunia.com/advisories/26231nvdVendor Advisory
- secunia.com/advisories/26838nvdVendor Advisory
- secunia.com/advisories/26871nvdVendor Advisory
- secunia.com/advisories/26895nvdVendor Advisory
- secunia.com/advisories/26930nvdVendor Advisory
- secunia.com/advisories/26967nvdVendor Advisory
- secunia.com/advisories/27037nvdVendor Advisory
- secunia.com/advisories/27102nvdVendor Advisory
- secunia.com/advisories/27110nvdVendor Advisory
- secunia.com/advisories/27351nvdVendor Advisory
- secunia.com/advisories/27377nvdVendor Advisory
- secunia.com/advisories/27545nvdVendor Advisory
- secunia.com/advisories/27864nvdVendor Advisory
- secunia.com/advisories/28318nvdVendor Advisory
- secunia.com/advisories/28658nvdVendor Advisory
- secunia.com/advisories/30040nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0888.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0890.htmlnvdVendor Advisory
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.htmlnvd
- osvdb.org/36083nvd
- secunia.com/advisories/28750nvd
- secunia.com/advisories/28936nvd
- slackware.com/security/viewer.phpnvd
- slackware.com/security/viewer.phpnvd
- support.avaya.com/elmodocs2/security/ASA-2007-449.htmnvd
- www.gentoo.org/security/en/glsa/glsa-200710-02.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.htmlnvd
- www.php.net/ChangeLog-4.phpnvd
- www.php.net/releases/4_4_8.phpnvd
- www.redhat.com/support/errata/RHSA-2007-0891.htmlnvd
- www.sec-consult.com/291.htmlnvd
- www.securityfocus.com/archive/1/470244/100/0/threadednvd
- www.securityfocus.com/archive/1/491693/100/0/threadednvd
- www.securityfocus.com/bid/24261nvd
- www.securitytracker.com/idnvd
- www.trustix.org/errata/2007/0023/nvd
- www.ubuntu.com/usn/usn-549-2nvd
- www.vupen.com/english/advisories/2007/2061nvd
- www.vupen.com/english/advisories/2007/3386nvd
- www.vupen.com/english/advisories/2008/0059nvd
- www.vupen.com/english/advisories/2008/0398nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/39398nvd
- issues.rpath.com/browse/RPL-1693nvd
- issues.rpath.com/browse/RPL-1702nvd
- launchpad.net/bugs/173043nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424nvd
- usn.ubuntu.com/549-1/nvd
- www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.htmlnvd
News mentions
0No linked articles in our index yet.