CVE-2005-2491

Publication date 23 August 2005

Last updated 17 July 2025

Ubuntu priority

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apache2	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
gnumeric	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
pcre3	7.04 feisty	Fixed 6.4-1.1ubuntu4
	6.10 edgy	Fixed 6.4-1.1ubuntu4
	6.06 LTS dapper	Fixed 6.4-1.1ubuntu4
python2.2	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Fixed 2.2.3dfsg-4
python2.3	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Fixed 2.3.5-9ubuntu1.2
python2.4	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

References

Related Ubuntu Security Notices (USN)

USN-173-2
PCRE vulnerability
25 August 2005

USN-173-4
PCRE vulnerabilities
31 August 2005

USN-173-1
PCRE vulnerability
24 August 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-2491