{"id":"MGASA-2017-0454","summary":"Updated pcre packages fix security vulnerabilities","details":"The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE\nthrough 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version)\nallows remote attackers to cause a denial of service (out-of-bounds read\nand application crash) via a crafted regular expression (CVE-2017-6004).\n\nA vulnerability was found in pcre caused by trying to find a Unicode\nproperty for a code value greater than 0x10ffff, the Unicode maximum,\nwhen running in non-UTF mode (where character values can be up to\n0xffffffff) (CVE-2017-7186).\n\nThe _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40\nallows remote attackers to cause a denial of service (invalid memory\nread) via a crafted file (CVE-2017-7244).\n\nStack-based buffer overflow in the pcre32_copy_substring function in\npcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a\ndenial of service (WRITE of size 4) or possibly have unspecified other\nimpact via a crafted file (CVE-2017-7245).\n\nStack-based buffer overflow in the pcre32_copy_substring function in\npcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a\ndenial of service (WRITE of size 268) or possibly have unspecified other\nimpact via a crafted file (CVE-2017-7246).\n","modified":"2026-04-16T01:46:48.510988461Z","published":"2017-12-21T17:43:29Z","upstream":["CVE-2017-6004","CVE-2017-7186","CVE-2017-7244","CVE-2017-7245","CVE-2017-7246"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0454.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20355"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/03/24/1"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/03/24/2"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ESZV6GLV63XBXTZQOAJPOWLRIG35TEV7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XEYMUTVQAMYFGYH7ZE6RJD34GJMBZRMS/"}],"affected":[{"package":{"name":"pcre","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/pcre?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.41-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0454.json"}},{"package":{"name":"pcre","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/pcre?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.41-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0454.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}