Description
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Remediation
References
Related Vulnerabilities
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9)
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5665)
WordPress Plugin Infusionsoft Gravity Forms Add-on Cross-Site Scripting (1.5.11)
WordPress Plugin On Page SEO + Social Live Chat (Formerly OPS) Cross-Site Scripting (1.0.1)