php is vulnerable to denial of service (DoS) attacks. The vulnerability exists through an Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
rhn.redhat.com/errata/RHSA-2014-0311.html
rhn.redhat.com/errata/RHSA-2014-0312.html
secunia.com/advisories/37431
secunia.com/advisories/37682
secunia.com/advisories/37683
secunia.com/advisories/38066
secunia.com/advisories/38977
secunia.com/advisories/39001
secunia.com/secunia_research/2009-35/
securityreason.com/achievement_securityalert/63
securityreason.com/achievement_securityalert/69
securityreason.com/achievement_securityalert/71
securityreason.com/achievement_securityalert/72
securityreason.com/achievement_securityalert/73
securityreason.com/achievement_securityalert/75
securityreason.com/achievement_securityalert/76
securityreason.com/achievement_securityalert/77
securityreason.com/achievement_securityalert/78
securityreason.com/achievement_securityalert/81
securitytracker.com/id?1022478
sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
support.apple.com/kb/HT4077
support.apple.com/kb/HT4225
www.mandriva.com/security/advisories?name=MDVSA-2009:294
www.mandriva.com/security/advisories?name=MDVSA-2009:330
www.mozilla.org/security/announce/2009/mfsa2009-59.html
www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
www.opera.com/support/kb/view/942/
www.redhat.com/support/errata/RHSA-2009-1601.html
www.redhat.com/support/errata/RHSA-2010-0153.html
www.redhat.com/support/errata/RHSA-2010-0154.html
www.securityfocus.com/archive/1/507977/100/0/threaded
www.securityfocus.com/archive/1/507979/100/0/threaded
www.securityfocus.com/archive/1/508417/100/0/threaded
www.securityfocus.com/archive/1/508423/100/0/threaded
www.securityfocus.com/bid/35510
www.ubuntu.com/usn/USN-915-1
www.vupen.com/english/advisories/2009/3297
www.vupen.com/english/advisories/2009/3299
www.vupen.com/english/advisories/2009/3334
www.vupen.com/english/advisories/2010/0094
www.vupen.com/english/advisories/2010/0648
www.vupen.com/english/advisories/2010/0650
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=516396
bugzilla.mozilla.org/show_bug.cgi?id=516862
bugzilla.redhat.com/show_bug.cgi?id=1057555
lists.debian.org/debian-lts-announce/2018/11/msg00001.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541
rhn.redhat.com/errata/RHSA-2014-0312.html