VYPR
Unrated severityNVD Advisory· Published Sep 12, 2007· Updated Jun 16, 2026

CVE-2007-4840

CVE-2007-4840

Description

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.2.4
    • (no CPE)range: <=5.2.4

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.