PublicDate: 2007-04-06 01:19:00 UTC
Candidate: CVE-2007-1888
References:
 https://ubuntu.com/security/notices/USN-455-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1888
Description:
 Buffer overflow in the sqlite_decode_binary function in src/encode.c in
 SQLite 2, as used by PHP 4.x through 5.x and other applications, allows
 context-dependent attackers to execute arbitrary code via an empty value of
 the in parameter.  NOTE: some PHP installations use a bundled version of
 sqlite without this vulnerability.  The SQLite developer has argued that
 this issue could be due to a misuse of the sqlite_decode_binary() API.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
upstream_php5: released (5.2.2)
dapper_php5: released (5.1.2-1ubuntu3.9)
edgy_php5: released (5.1.6-1ubuntu2.6)
feisty_php5: released (5.2.1-0ubuntu1.4)
devel_php5: not-affected
dapper_sqlite: ignored (not a bug in sqlite)
edgy_sqlite: ignored (not a bug in sqlite)
feisty_sqlite: ignored (not a bug in sqlite)
devel_sqlite: released (2.8.17-2.1build1)
upstream_sqlite: needs-triage