CVE-2007-1659
pcre3 - arbitrary code execution
EPSS 5.3%
Description
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
How to fix CVE-2007-1659
To remediate CVE-2007-1659, upgrade the affected package to a fixed version below.
- Debian/glib2.0—upgrade to 2.14.3-1 or later
- Debian/pcre3—upgrade to 7.3-1 or later
- Debian/pcre3—upgrade to 4.5+7.4-1 or later
- —upgrade to 6.7+7.4-2+lenny1 or later
Is CVE-2007-1659 being exploited?
Moderate — EPSS is 5.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 2.14.3-1
- from 0, < 7.3-1
- from 0, < 4.5+7.4-1
- from 0, < 6.7+7.4-2+lenny1