2 matches found
CVE-2018-6345
The function numberformat is vulnerable to a heap overflow issue when its second argument $decpoints is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...
CVE-2018-6345
The CVE-2018-6345 entry concerns Facebook HHVM’s number_format function. Concrete details from connected sources show a heap overflow in number_format when the second argument ($dec_points) is excessively large, affecting all supported HHVM versions up to 3.30.1 and 3.27.5 and earlier. The underl...