Launchpad.net

CVE 2007-1660

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Related bugs and status

CVE-2007-1660 (Candidate) is related to these bugs:

Bug #160454: [pcre3] several security issues in Perl-Compatible Regular Expression library

		In	Importance	Status
160454	[pcre3] several security issues in Perl-Compatible Regular Expression library	pcre3 (Ubuntu)	Undecided	Fix Released
160454	[pcre3] several security issues in Perl-Compatible Regular Expression library	pcre3 (Ubuntu Dapper)	Medium	Fix Released
160454	[pcre3] several security issues in Perl-Compatible Regular Expression library	pcre3 (Ubuntu Edgy)	Medium	Fix Released
160454	[pcre3] several security issues in Perl-Compatible Regular Expression library	pcre3 (Ubuntu Hardy)	Undecided	Fix Released
160454	[pcre3] several security issues in Perl-Compatible Regular Expression library	pcre3 (Ubuntu Gutsy)	Medium	Fix Released
160454	[pcre3] several security issues in Perl-Compatible Regular Expression library	pcre3 (Ubuntu Feisty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

DEBIAN: DSA-1399
MLIST: [gtk-devel-list] 20071...
CONFIRM: https://issues.rpath.c...
REDHAT: RHSA-2007:0967
REDHAT: RHSA-2007:0968
MANDRIVA: MDKSA-2007:211
MANDRIVA: MDKSA-2007:212
MANDRIVA: MDKSA-2007:213
BID: 26346
SECTRACK: 1018895
SECUNIA: 27598
SECUNIA: 27538
SECUNIA: 27543
SECUNIA: 27547
SECUNIA: 27554
GENTOO: GLSA-200711-30
SECUNIA: 27741
CONFIRM: http://support.avaya.c...
REDHAT: RHSA-2007:1063
REDHAT: RHSA-2007:1065
SUSE: SUSE-SA:2007:062
SECUNIA: 27773
SECUNIA: 27697
SECUNIA: 27862
SECUNIA: 27776
SUSE: SUSE-SR:2007:025
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2007-12-17
CERT: TA07-352A
SECUNIA: 27965
SECUNIA: 28136
MISC: http://bugs.gentoo.org...
GENTOO: GLSA-200801-02
SECUNIA: 28406
SECUNIA: 28414
GENTOO: GLSA-200801-18
GENTOO: GLSA-200801-19
SUSE: SUSE-SA:2008:004
SECUNIA: 28658
SECUNIA: 28714
SECUNIA: 28720
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
MLIST: [Security-announce] 20...
SECUNIA: 29785
GENTOO: GLSA-200805-11
SECUNIA: 30155
SECUNIA: 30219
REDHAT: RHSA-2008:0546
SECUNIA: 31124
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-1570
SECUNIA: 30106
VUPEN: ADV-2007-3725
VUPEN: ADV-2007-3790
VUPEN: ADV-2007-4238
VUPEN: ADV-2008-0924
VUPEN: ADV-2008-1234
XF: pcre-character-class-d...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-547-1
BUGTRAQ: 20071106 rPSA-2007-023...
BUGTRAQ: 20071112 FLEA-2007-006...
BUGTRAQ: 20080416 VMSA-2008-000...