CVE-2007-1659 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent
attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex
patters containing unmatched "\Q\E" sequences with orphan "\E" codes.
CVE-2007-1660 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes
for unspecified "multiple forms of character class", which triggers a buffer overflow that allows
context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary
code.
CVE-2007-1661 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching
certain input bytes against some regex patterns in non-UTF-8 mode, which allows
context-dependent attackers to obtain sensitive information or cause a denial of service (crash),
as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
CVE-2007-1662 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string
when searching for unmatched brackets and parentheses, which allows context-dependent
attackers to cause a denial of service (crash), possibly involving forward references.
CVE-2007-4766 (High) :
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow
context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via
unspecified escape (backslash) sequences.
CVE-2007-4767 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the
length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows
context-dependent attackers to cause a denial of service (infinite loop or crash) or execute
arbitrary code.
CVE-2007-4768 (Medium) :
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3
allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence
in a character class in a regex pattern, which is incorrectly optimized.
CVE-2008-0553 (HIGH-Network exploitable) :
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1
allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to
CVE-2006-4484.
Christian Wiese
Alejandro Mery
Aldas Nabazas