CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3944

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1770%
EPSS Percentile37.91th
PublishedJul 23, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

Affected Platforms (CPE)

πŸ“¦
Apple

Safari

= 3.0
πŸ“¦
Apple

Webkit

All versions
πŸ’»
Apple

Iphone Os

<= 1.0.0

References & Advisories

πŸ”— http://docs.info.apple.com/article.html?artnum=306173
πŸ”— http://docs.info.apple.com/article.html?artnum=306174
πŸ”— http://secunia.com/advisories/26287
πŸ”— http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin
πŸ”— http://www.securityevaluators.com/iphone/
πŸ”— http://www.securityevaluators.com/iphone/exploitingiphone.pdf
πŸ”— http://www.securityfocus.com/bid/25002
πŸ”— http://www.securitytracker.com/id?1018439

Related Vulnerabilities

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2007-284310.0

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via J...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...