Heap
09-11-07, 15:40
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 6.7 allow context-dependent attackers to execute arbitrary code via a regular expression containing (1) a large number of named subpatterns (name_count), (2) long subpattern names (max_name_size), (3) a repeated subpattern with a long name, or (4) an unspecified vector involving the (a) max, (b) min, and (c) duplength variables in the length calculation in pcre_compile.
More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7224)
More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7224)