#VU110408 Input validation error in PHP - CVE-2007-1884

Cybersecurity Help s.r.o.

Published: 2018-10-30 | Updated: 2025-06-08

Vulnerability identifier: #VU110408

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2007-1884

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1, 4.1.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.4, 4.4.1, 4.4.2, 4.4.3, 4.4.4

External links
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
https://secunia.com/advisories/25423
https://secunia.com/advisories/25850
https://www.osvdb.org/33955
https://www.osvdb.org/34767
https://www.php.net/releases/5_2_1.php
https://www.php-security.org/MOPB/MOPB-38-2007.html
https://www.securityfocus.com/bid/23219
https://www.vupen.com/english/advisories/2007/1991
https://www.vupen.com/english/advisories/2007/2374
https://exchange.xforce.ibmcloud.com/vulnerabilities/33755

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in PHP