CVE-2007-3944

Published: Jul 23, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

Affected (3)

Products: Apple: Iphone Os, Safari, Webkit

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 1.0.0
Apple Safari	Version 3.0
Apple Webkit	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (22)

http://docs.info.apple.com/article.html?artnum=306173

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306174

Source: cve@mitre.org

http://secunia.com/advisories/26287

Source: cve@mitre.org

Vendor Advisory

http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin

Source: cve@mitre.org

http://www.securityevaluators.com/iphone/

Source: cve@mitre.org

http://www.securityevaluators.com/iphone/exploitingiphone.pdf

Source: cve@mitre.org

http://www.securityfocus.com/bid/25002

Source: cve@mitre.org

http://www.securitytracker.com/id?1018439

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2730

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/2731

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/35577

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306173

Source: af854a3a-2127-422b-91ae-364da2661108

http://docs.info.apple.com/article.html?artnum=306174

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26287

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityevaluators.com/iphone/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityevaluators.com/iphone/exploitingiphone.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25002

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1018439

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/2730

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2007/2731

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/35577

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.