PHP5 -- Heap corruption in XML parser

ID 31B145F2-D9D3-49A9-8023-11CF742205DC
Type freebsd
Reporter FreeBSD
Modified 2013-07-10T00:00:00


The PHP development team reports:

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.