Published: 20/03/2011 Updated: 19/01/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Integer signedness error in zip_stream.c in the Zip extension in PHP prior to 5.3.6 allows context-dependent malicious users to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php

Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code CVE-2010-2531 An information leak was found in the var_export() function CVE-2011-0421 The Zip module could crash CVE-2011-0708 An integer overflow was discovered in the Exif module CVE-2011-1466 An i ...

USN 1126-1 introduced two regressions in PHP ...

Multiple vulnerabilities in PHP ...

source: wwwsecurityfocuscom/bid/46975/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Zip' extension Successful attacks will cause the application to crash, creating a denial-of-service condition Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirm ...

CWE-189 http://www.php.net/ChangeLog-5.php http://bugs.php.net/bug.php?id=49072 http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.vupen.com/english/advisories/2011/0744 http://www.securityfocus.com/bid/46975 http://support.apple.com/kb/HT5002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://www.redhat.com/support/errata/RHSA-2011-1423.html http://www.debian.org/security/2011/dsa-2266 https://nvd.nist.gov https://www.debian.org/security/./dsa-2266 https://usn.ubuntu.com/1126-2/https://www.exploit-db.com/exploits/35485/

CVE-2011-1471

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect