Debian Pcre3 vulnerabilities

52 known vulnerabilities affecting debian/pcre3.

Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 12, MEDIUM 11, LOW 20

Vulnerabilities

Page 3 of 3
CVE-2007-4766 | LOW | CVSS 7.5 | fixed in glib2.0 2.14.3-1 (bookworm) | 2007
CVE-2007-4766 [HIGH] glib2.0 - Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
Scope: local; bookworm: resolved (fixed in 2.14.3-1); bullseye: resolved (fixed in 2.14.3-1); forky: resolved (fixed in 2.14.3-1); sid: reso
debian
CVE-2007-4768 | LOW | CVSS 6.8 | fixed in glib2.0 2.14.3-1 (bookworm) | 2007
CVE-2007-4768 [MEDIUM] glib2.0 - Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Scope: local; bookworm: resolved (fixed in 2.14.3-1); bullseye: resolved (fixed in 2.14.3-1); forky: resolved (fi
debian
CVE-2007-4767 | LOW | CVSS 5.0 | fixed in glib2.0 2.14.3-1 (bookworm) | 2007
CVE-2007-4767 [MEDIUM] glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
Scope: local; bookworm: resolved (fixed in 2.14.3-1); bullseye: resolved (fixed in 2
debian
CVE-2007-1659 | LOW | CVSS 6.8 | fixed in glib2.0 2.14.3-1 (bookworm) | 2007
CVE-2007-1659 [MEDIUM] glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
Scope: local; bookworm: resolved (fixed in 2.14.3-1); bullseye: resolved (fixed in 2.14.3-1); forky: resolved (fixed in 2
debian
CVE-2007-1661 | LOW | CVSS 6.4 | fixed in glib2.0 2.14.3-1 (bookworm) | 2007
CVE-2007-1661 [MEDIUM] glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
Scope: local; bookworm: resolved (fixed i
debian
CVE-2006-7227 | MEDIUM | CVSS 4.3 | fixed in pcre3 6.2-1 (bookworm) | 2006
CVE-2006-7227 [MEDIUM] pcre3 - Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that
debian
CVE-2006-7228 | MEDIUM | CVSS 4.3 | fixed in pcre3 6.2-1 (bookworm) | 2006
CVE-2006-7228 [MEDIUM] pcre3 - Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue
debian
CVE-2006-7230 | MEDIUM | CVSS 4.3 | fixed in pcre3 7.0-1 (bookworm) | 2006
CVE-2006-7230 [MEDIUM] pcre3 - Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
Scope: local; bookwo
debian
CVE-2006-7225 | LOW | CVSS 4.3 | fixed in glib2.0 2.14.3-1 (bookworm) | 2006
CVE-2006-7225 [MEDIUM] glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
Scope: local; bookworm: resolved (fixed in 2.14.3-1); bullseye: resolved (fixed in 2.14.3-
debian
CVE-2006-7226 | LOW | CVSS 4.3 | fixed in glib2.0 2.14.3-1 (bookworm) | 2006
CVE-2006-7226 [MEDIUM] glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
Scope: local; bookworm: resolved (fixed in 2
debian
CVE-2005-4872 | MEDIUM | CVSS 4.3 | fixed in pcre3 6.2-1 (bookworm) | 2005
CVE-2005-4872 [MEDIUM] pcre3 - Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but
debian
CVE-2005-2491 | LOW | CVSS 7.5 | fixed in gnumeric 1.5.1-1 (bookworm) | 2005
CVE-2005-2491 [HIGH] gnumeric - Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Scope: local; bookworm: resolved (fixed in 1.5.1-1); bullseye: resolved (fixed i
debian