2
Candidate: CVE-2007-3294
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3294
6
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP
7
5.2.3 and possibly other products, allow context-dependent attackers to
8
execute arbitrary code via (1) a long second argument to the
9
tidy_parse_string function or (2) an unspecified vector to the
10
tidy_repair_string function. NOTE: this might only be an issue in
11
environments where vsnprintf is implemented as a wrapper for vsprintf.
14
kees> local malicious script