Red Hat Bugzilla – Bug 439298
CVE-2008-1384 php crash caused by sprintf() integer overflow
Last modified: 2008-03-27 19:02:00 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1384 to the following vulnerability:
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
Red Hat does not consider this a security vulnerability. This can not be
exploited into arbitrary code execution. Moreover, format strings are not likely
to be under attacker's control.