PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service

source: https://www.securityfocus.com/bid/46968/info

PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension.

Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.

PHP versions prior to 5.3.6 are vulnerable.

numfmt_set_symbol(numfmt_create("en", NumberFormatter::PATTERN_DECIMAL), 2147483648, "")