The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.Referenceshttp://www.php-security.org/MOPB/MOPB-13-2007.htmlhttp://www.securityfocus.com/bid/22833http://www.osvdb.org/32779
