CVE-2016-3078

Priority
Description
Multiple integer overflows in php_zip.c in the zip extension in PHP before
7.0.6 allow remote attackers to cause a denial of service (heap-based
buffer overflow and application crash) or possibly have unspecified other
impact via a crafted call to (1) getFromIndex or (2) getFromName in the
ZipArchive class.
Assigned-to
mdeslaur
Notes
mdeslaur> 32-bit only
php7.0 only
Package
Source: php5 (LP Ubuntu Debian)
Upstream: not-affected
Ubuntu 14.04 ESM (Trusty Tahr): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Upstream: released (7.0.6-1)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (7.0.4-7ubuntu2.1)
Patches:
Upstream: https://git.php.net/?p=php-src.git;a=commit;h=ccc12efa32f855e6057cb9b7e1e45afe08503a00

Updated: 2019-12-05 18:44:42 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)