CVE-2016-6297 (retired)

Integer overflow in the php_stream_zip_opener function in
ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x
before 7.0.9 allows remote attackers to cause a denial of service
(stack-based buffer overflow) or possibly have unspecified other impact via
a crafted zip:// URL.
More Information

Updated: 2019-03-26 12:22:22 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)