PHP Other Vulnerability - CVE-2011-3182
PHP before 5.3.7 does not properly check the return values of the malloc calloc and realloc library functions which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument related to (1) ext/curl/interface.c (2) ext/date/lib/parse_date.c (3) ext/date/lib/parse_iso_intervals.c (4) ext/date/lib/parse_tz.c (5) ext/date/lib/timelib.c (6) ext/pdo_odbc/pdo_odbc.c (7) ext/reflection/php_reflection.c (8) ext/soap/php_sdl.c (9) ext/xmlrpc/libxmlrpc/base64.c (10) TSRM/tsrm_win32.c and (11) the strtotime function.
