CVE-2007-4840

Name of the Vulnerable Software and Affected Versions: PHP versions 5.2.4 and earlier

Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash. This can be achieved by providing a long string in the out charset parameter to the iconv function, or a long string in the charset parameter to the iconv mime decode headers, iconv mime decode, or iconv strlen functions.

Recommendations: For PHP versions 5.2.4 and earlier, consider restricting the length of input strings for the out charset and charset parameters to prevent denial of service attacks. As a temporary workaround, consider implementing input validation to limit the string length passed to the iconv, iconv mime decode headers, iconv mime decode, and iconv strlen functions until a patch is available.