CVE-2013-2110

Publication date 10 June 2013

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.


Status

Package | Ubuntu Release | Status
php5 | 13.04 raring | Fixed 5.4.9-4ubuntu2.1
php5 | 12.10 quantal | Not affected
php5 | 12.04 LTS precise | Not affected
php5 | 10.04 LTS lucid | Not affected

Notes


mdeslaur

introduced in: http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629 so, only affects raring+

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
php5
