PublicDate: 2007-06-04 17:30:00 UTC
Candidate: CVE-2007-2872
References: 
 https://ubuntu.com/security/notices/USN-549-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
Description:
 Multiple integer overflows in the chunk_split function in PHP 5 before
 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of
 service (crash) or execute arbitrary code via the (1) chunks, (2) srclen,
 and (3) chunklen arguments.
Ubuntu-Description: 
Notes: 
 jdstrand> see CVE-2007-4661 for complete fix
Bugs: 
Priority: low
Discovered-by:
Assigned-to: kees
CVSS: 
upstream_php5: released (5.2.4)
dapper_php5: released (5.1.2-1ubuntu3.10)
edgy_php5: released (5.1.6-1ubuntu2.7)
feisty_php5: released (5.2.1-0ubuntu1.5)
gutsy_php5: released (5.2.3-1ubuntu6.1)
devel_php5: not-affected (5.2.4-2ubuntu3)