
PHP mbstring buffer overflow vulnerability

December 21st, 2008

PHP is “a scripting language extensively used in web application development. The package contains a number of language extensions aside from the language core”.

A heap buffer overflow was found in the mbstring extension, which is bundled in the standard distribution. The mbstring extension provides a set of functions for the manipulation of multibyte / Unicode strings.

The vulnerability occurs in the part of the encoding conversion facility that decodes strings containing HTML entities into Unicode strings. Because the decoder handles error conditions incorrectly, the bounds check for a heap-allocated buffer is effectively bypassed. An attacker who gains control over the decoder's input can exploit this vulnerability to transfer arbitrary data to a specific region of the heap.
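An added illustration of the bug class described above (not PHP's mbstring code and not taken from the advisory): a small entity decoder with a heap-allocated pending buffer, written so that the bound holds on the error path as well as the accept path. `ENT_MAX`, `entity_value` and `entity_decode` are hypothetical names, and the handful of supported entities is a constructed subset.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define ENT_MAX 8  /* assumed capacity of the pending-entity buffer */
/* Map an entity body ("lt", "#65") to a byte, or -1 if unknown/malformed. */
static int entity_value(const char *s)
{
    char *end; long v;
    if (!strcmp(s, "lt"))  return '<';
    if (!strcmp(s, "gt"))  return '>';
    if (!strcmp(s, "amp")) return '&';
    if (s[0] != '#') return -1;
    v = strtol(s + 1, &end, 10);
    return (end != s + 1 && *end == '\0' && v > 0 && v < 128) ? (int)v : -1;
}

/* Decode entities in `in`; returns a malloc'd string the caller frees.
 * Malformed, unknown or over-long entities are copied through unchanged. */
char *entity_decode(const char *in)
{
    size_t n = strlen(in), o = 0, len = 0, i;
    char *out = malloc(n + 1);   /* output is never longer than the input */
    char *ent = malloc(ENT_MAX); /* heap buffer: '&' plus the body seen so far */
    if (!out || !ent) { free(out); free(ent); return NULL; }

    for (i = 0; i <= n; i++) {   /* i == n feeds the NUL as end-of-input */
        unsigned char c = (unsigned char)in[i];
        int v;
        if (len == 0) {          /* not inside an entity */
            if (c == '&') ent[len++] = '&';
            else if (c)   out[o++] = (char)c;
        } else if (c == ';') {   /* terminator: len <= ENT_MAX - 1 holds here */
            ent[len] = '\0';
            if ((v = entity_value(ent + 1)) >= 0) out[o++] = (char)v;
            else { memcpy(out + o, ent, len); o += len; out[o++] = ';'; }
            len = 0;
        } else if ((!isalnum(c) && c != '#') || len >= ENT_MAX - 1) {
            /* Error path: flush, reset len, re-read c; never store c into ent[]. */
            memcpy(out + o, ent, len); o += len; len = 0;
            i--;
        } else {
            ent[len++] = (char)c; /* the only store, made after the bound check */
        }
    }
    free(ent);
    out[o] = '\0';
    return out;
}
```

The invariant to review for in a decoder of this shape is that `len` is reset on every exit from the buffering state and that no branch writes to the buffer without passing the capacity test.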

More at http://seclists.org


