CVE-2014-9912

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.29 PHP versions 5.4.x prior to 5.4.30 PHP versions 5.5.x prior to 5.5.14

Description The issue is related to the get icu disp value src php function, which does not properly restrict calls to the ICU uresbund.cpp component. This allows remote attackers to cause a denial of service (buffer overflow) or possibly have other unspecified impacts via a locale get display name call with a long first argument.

Recommendations For PHP versions prior to 5.3.29, update to version 5.3.29 or later. For PHP versions 5.4.x prior to 5.4.30, update to version 5.4.30 or later. For PHP versions 5.5.x prior to 5.5.14, update to version 5.5.14 or later.