CVE-2007-4783

Publication date 10 September 2007

Last updated 24 July 2024

Ubuntu priority

Negligible

Why this priority?

Description

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Read the notes from the security team

Status

Package Ubuntu Release Status
php5 8.04 LTS hardy Ignored end of life, was needed
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life, was needed

Notes

kees

local php instance crasher only, not a serious security issue

References

Other references