{
  "details" : [ "PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters." ],
  "statement" : "The PHP interpreter does not offer a reliable \"sandboxed\" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself.  We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-1883\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-1883" ],
  "name" : "CVE-2007-1883",
  "csaw" : false
}