CVE-2007-1399 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php
Pierrejoye	Php Zip

Configuration 1 [-]

OR	cpe:2.3:a:php:php:5.2.0:::::::*
	cpe:2.3:a:php:php:5.2.1:::::::*
	cpe:2.3:a:pierrejoye:php_zip::::::php::*

No data.

References

Link	Providers
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://secunia.com/advisories/24471
http://secunia.com/advisories/24514
http://secunia.com/advisories/25938
http://www.debian.org/security/2007/dsa-1330
http://www.osvdb.org/32782
http://www.php-security.org/MOPB/MOPB-16-2007.html
http://www.securityfocus.com/bid/22883
http://www.vupen.com/english/advisories/2007/0898
https://exchange.xforce.ibmcloud.com/vulnerabilities/32889

History

Thu, 11 Dec 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pierrejoye Pierrejoye php Zip
CPEs	cpe:2.3:a:pecl_zip:1.8.3::::::::	cpe:2.3:a:pierrejoye:php_zip::::::php::*
Vendors & Products	Pecl Zip Pecl Zip 1.8.3	Pierrejoye Pierrejoye php Zip
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.30114}`	epss `{'score': 0.37109}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-10T22:00:00

Updated: 2024-08-07T12:50:35.275Z

Reserved: 2007-03-10T00:00:00

Link: CVE-2007-1399

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-03-10T22:19:00.000

Modified: 2025-12-11T15:45:09.850

Link: CVE-2007-1399

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"name": "24514", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24514"}, {"name": "32782", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32782"}, {"name": "22883", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22883"}, {"name": "SUSE-SA:2007:020", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"name": "DSA-1330", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1330"}, {"name": "ADV-2007-0898", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"name": "24471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24471"}, {"name": "pecl-url-wrapper-bo(32889)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"name": "25938", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25938"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2007-1399", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.php-security.org/MOPB/MOPB-16-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"name": "24514", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24514"}, {"name": "32782", "refsource": "OSVDB", "url": "http://www.osvdb.org/32782"}, {"name": "22883", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22883"}, {"name": "SUSE-SA:2007:020", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"name": "DSA-1330", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1330"}, {"name": "ADV-2007-0898", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"name": "24471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24471"}, {"name": "pecl-url-wrapper-bo(32889)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"name": "25938", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25938"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.275Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"name": "24514", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24514"}, {"name": "32782", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32782"}, {"name": "22883", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22883"}, {"name": "SUSE-SA:2007:020", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"name": "DSA-1330", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1330"}, {"name": "ADV-2007-0898", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"name": "24471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24471"}, {"name": "pecl-url-wrapper-bo(32889)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"name": "25938", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25938"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1399", "datePublished": "2007-03-10T22:00:00", "dateReserved": "2007-03-10T00:00:00", "dateUpdated": "2024-08-07T12:50:35.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pierrejoye:php_zip:*:*:*:*:*:php:*:*", "matchCriteriaId": "640F4896-C014-45F7-9773-B3B0142645B3", "versionEndExcluding": "1.8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el envoltorio (wrapper) de URL zip:// en PECL ZIP 1.8.3 y anteriores, como ha sido incluido en PHP 5.2.0 y 5.2.1, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una URL zip:// larga, como ha sido demostrado accediendo activamente a la URL desde un int\u00e9rprete PHP remoto mediante una subida avatar o notificaci\u00f3n de que el blog ha sido enlazado (blog pingback)."}], "id": "CVE-2007-1399", "lastModified": "2025-12-11T15:45:09.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2007-03-10T22:19:00.000", "references": [{"source": "[email protected]", "tags": ["Broken Link"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"source": "[email protected]", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/24471"}, {"source": "[email protected]", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/24514"}, {"source": "[email protected]", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/25938"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2007/dsa-1330"}, {"source": "[email protected]", "tags": ["Broken Link"], "url": "http://www.osvdb.org/32782"}, {"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"source": "[email protected]", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/22883"}, {"source": "[email protected]", "tags": ["Not Applicable"], "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/24471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/24514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/25938"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2007/dsa-1330"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/32782"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/22883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}], "sourceIdentifier": "[email protected]", "vendorComments": [{"comment": "Not vulnerable. The zip extension was not shipped in versions of PHP \nprovided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\nRed Hat Application Stack 1.", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}