Description

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

Remediation

References

CVE-2010-4657

Related Vulnerabilities

OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0286)

Oracle Database Server CVE-2015-0468 Vulnerability (CVE-2015-0468)

Joomla Cryptographic Issues Vulnerability (CVE-2008-4122)

WordPress Plugin AIT Themes-CSV Import/Export Arbitrary File Upload (3.0.3)

WordPress Plugin All-in-One WP Migration Arbitrary File Deletion (7.58)

Severity

High

Classification

CVE-2010-4657 CWE-772 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities