CVE-2016-4342

Priority
Description
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x
before 7.0.3 mishandles zero-length uncompressed data, which allows remote
attackers to cause a denial of service (heap memory corruption) or possibly
have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR
archive.
Assigned-to
mdeslaur
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.6.18+dfsg-1)
Ubuntu 14.04 ESM (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.17)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
Package
Upstream: released (7.0.3-1)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.4-7ubuntu2)
Patches:
Upstream: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
More Information

Updated: 2019-12-05 18:45:12 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)