In function 'WrapText', when the value of $length becomes zero, the following
loop becomes an infinite loop.
    while (strlen($word) > 0) {
        $len = $length;
        if ($is_utf8) {
            $len = $this->UTF8CharBoundary($word, $len);
        } elseif (substr($word, $len - 1, 1) == "=") {
            $len--;
        } elseif (substr($word, $len - 2, 1) == "=") {
            $len -= 2;
        }
        $part = substr($word, 0, $len);
        $word = substr($word, $len);
        if (strlen($word) > 0) {
            $message .= $part . sprintf("=%s", $this->LE);
        } else {
            $buf = $part;
        }
    }
Moreover, $length can be zero when $this->charset is greater than 68 in the
function 'EncodeHeader'.
Since $this->charset can be defined by users, not programmers, this
vulnerability can be a DoS threat.
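
The stall and one way to guard against it, as an added example that is not part of the original report or of the library's code: wrapWord() and MAX_STEPS are hypothetical names, the function mirrors only the non-UTF-8 branch of the loop quoted above, and the guard is an assumption about how a fix could look.

```php
<?php
// Added illustration, not library code. wrapWord() and MAX_STEPS are hypothetical.
const MAX_STEPS = 1000; // cap so the unguarded demonstration terminates

/**
 * Mirrors the non-UTF-8 branch of the quoted loop for a single word.
 * With $guard set, a chunk size that cannot consume input is rejected.
 */
function wrapWord($word, $length, $guard, $le = "\n")
{
    $pieces = [];
    $steps = 0;
    while (strlen($word) > 0) {
        $len = $length;
        if (substr($word, $len - 1, 1) == "=") {
            $len--;
        } elseif (substr($word, $len - 2, 1) == "=") {
            $len -= 2;
        }
        // Progress invariant: each pass must remove at least one byte.
        // $len can fall below 1 when $length is 0, or when a small $length
        // is reduced further by the "=" adjustments above.
        if ($guard && $len < 1) {
            throw new InvalidArgumentException("wrap length $length cannot make progress");
        }
        if (++$steps > MAX_STEPS) {
            throw new RuntimeException("still looping after " . MAX_STEPS . " iterations");
        }
        $part = substr($word, 0, $len);
        $word = substr($word, $len); // with $len == 0 this returns $word unchanged
        $pieces[] = strlen($word) > 0 ? $part . "=" . $le : $part;
    }
    return $pieces;
}

// Constructed input: one long word, wrapped at a normal width, then at zero
// without and with the guard.
foreach ([[76, false], [0, false], [0, true]] as $case) {
    list($length, $guard) = $case;
    $label = "length=$length guard=" . var_export($guard, true);
    try {
        echo "$label: " . count(wrapWord(str_repeat("A", 200), $length, $guard)) . " pieces\n";
    } catch (Exception $e) {
        echo "$label: " . get_class($e) . " - " . $e->getMessage() . "\n";
    }
}
```

Checking $len inside the loop rather than $length on entry also covers small positive widths that the "=" adjustments reduce to zero.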