CVE-2007-1484

Name: CVE-2007-1484
Creator: NVD / NIST
Published: 2007-03-16T21:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.11%

Last modified Jun 16, 2026

CVE-2007-1484 is a vulnerability of currently unknown severity. The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.. EPSS estimates a 1.11% chance of exploitation in the next 30 days.

Description

The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.

Metrics

EPSS Probability

1.11%

61.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Php	Php	<= 4.4.6
Php	Php	>= 5.0.0, <= 5.2.1

References

http://docs.info.apple.com/article.html?artnum=306172Third Party Advisory
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlMailing List, Third Party Advisory
http://secunia.com/advisories/24542Third Party Advisory
http://secunia.com/advisories/25056Third Party Advisory
http://secunia.com/advisories/25057Third Party Advisory
http://secunia.com/advisories/25445Third Party Advisory
http://secunia.com/advisories/26235Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-19.xmlThird Party Advisory
http://us2.php.net/releases/4_4_7.phpThird Party Advisory
http://us2.php.net/releases/5_2_2.phpThird Party Advisory
http://www.novell.com/linux/security/advisories/2007_32_php.htmlBroken Link
http://www.php-security.org/MOPB/MOPB-24-2007.htmlExploit, Third Party Advisory
http://www.securityfocus.com/bid/22990Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25159Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-455-1Third Party Advisory
http://www.vupen.com/english/advisories/2007/2732Third Party Advisory
http://docs.info.apple.com/article.html?artnum=306172Third Party Advisory
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlMailing List, Third Party Advisory
http://secunia.com/advisories/24542Third Party Advisory
http://secunia.com/advisories/25056Third Party Advisory
http://secunia.com/advisories/25057Third Party Advisory
http://secunia.com/advisories/25445Third Party Advisory
http://secunia.com/advisories/26235Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-19.xmlThird Party Advisory
http://us2.php.net/releases/4_4_7.phpThird Party Advisory
http://us2.php.net/releases/5_2_2.phpThird Party Advisory
http://www.novell.com/linux/security/advisories/2007_32_php.htmlBroken Link
http://www.php-security.org/MOPB/MOPB-24-2007.htmlExploit, Third Party Advisory
http://www.securityfocus.com/bid/22990Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25159Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-455-1Third Party Advisory
http://www.vupen.com/english/advisories/2007/2732Third Party Advisory

Timeline

Published: Mar 16, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-1484?

How severe is CVE-2007-1484?

Severity scoring for CVE-2007-1484 is pending analysis. The EPSS model estimates a 1.11% probability of exploitation in the next 30 days.

How do I fix CVE-2007-1484?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-1484?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST