Total vulnerabilities in the database
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
| Software | From | Fixed in |
|---|---|---|
| php / php | 5.2.9 | 5.2.9.x |
| php / php | 5.2.14 | 5.2.14.x |
| php / php | 5.2.16 | 5.2.16.x |
| php / php | 5.2.7 | 5.2.7.x |
| php / php | 5.2.2 | 5.2.2.x |
| php / php | 5.2.5 | 5.2.5.x |
| php / php | 5.2.12 | 5.2.12.x |
| php / php | 5.2.11 | 5.2.11.x |
| php / php | 5.2.6 | 5.2.6.x |
| php / php | 5.2.3 | 5.2.3.x |
| php / php | 5.2.13 | 5.2.13.x |
| php / php | 5.2.0 | 5.2.0.x |
| php / php | 5.2.4 | 5.2.4.x |
| php / php | 5.2.10 | 5.2.10.x |
| php / php | 5.2.15 | 5.2.15.x |
| php / php | 5.2.1 | 5.2.1.x |
| php / php | 5.2.8 | 5.2.8.x |
| php / php | 5.3.1 | 5.3.1.x |
| php / php | 5.3.0 | 5.3.0.x |
| php / php | 5.3.3 | 5.3.3.x |
| php / php | 5.3.2 | 5.3.2.x |
| php / php | 5.3.4 | 5.3.4.x |