Red Hat Bugzilla – Bug 285891
CVE-2007-4783 php crash in iconv_substr() function
Last modified: 2007-11-29 09:36:57 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4783 to the following vulnerability:
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
We do not consider these to be security issues. For more details see
Addresses in PHP 5.2.5 along with related CVE-2007-4840, patch: