Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and previous versions, as used in the ZIP extension in PHP prior to 5.4.39, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7 and other products, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nih libzip |
||
php php 5.6.1 |
||
php php 5.5.0 |
||
php php 5.6.0 |
||
php php 5.6.5 |
||
php php 5.5.19 |
||
php php 5.5.16 |
||
php php 5.5.1 |
||
php php 5.5.5 |
||
php php 5.6.4 |
||
php php 5.5.21 |
||
php php 5.6.6 |
||
php php 5.5.17 |
||
php php 5.5.14 |
||
php php 5.5.7 |
||
php php 5.6.2 |
||
php php 5.5.12 |
||
php php |
||
php php 5.5.6 |
||
php php 5.5.3 |
||
php php 5.5.8 |
||
php php 5.5.15 |
||
php php 5.5.11 |
||
php php 5.5.13 |
||
php php 5.5.4 |
||
php php 5.5.10 |
||
php php 5.6.3 |
||
php php 5.5.22 |
||
php php 5.5.18 |
||
php php 5.5.20 |
||
php php 5.5.2 |
||
php php 5.5.9 |
||
fedoraproject fedora 22 |
||
debian debian linux 7.0 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |