CVE-2007-4840

Description

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

How to fix CVE-2007-4840

To remediate CVE-2007-4840, upgrade the affected package to a fixed version below.

• Debian/glibc—upgrade to 2.7-1 or later

Is CVE-2007-4840 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.7-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-4840