A heap-based buffer overflow flaw was found in the php quoted_printable_encode() function. A remote attacker could use this flaw to cause php to crash or execute arbitrary code with the permission of the user running php.
This flaw seems to be introduced by the following commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
which fixes the bug described in https://bugs.php.net/bug.php?id=62462

This code is not present in the version of php or php53 shipped with Red Hat Enterprise Linux 5 and 6.
Statement: Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.
This issue was addressed in Fedora via the following updates:
Fedora-17: https://admin.fedoraproject.org/updates/php-5.4.16-1.fc17
Fedora-18: https://admin.fedoraproject.org/updates/php-5.4.16-1.fc18
Fedora-19 (upcoming): https://admin.fedoraproject.org/updates/php-5.5.0-0.8.RC3.fc19
Upstream bug: https://bugs.php.net/bug.php?id=64879 (private)
Commit: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0