Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP prior to 5.5.37, 5.6.x prior to 5.6.23, and 7.x prior to 7.0.8 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
suse linux enterprise server 11 |
||
suse linux enterprise software development kit 11 |
||
suse linux enterprise debuginfo 11 |
||
opensuse leap 42.1 |
||
opensuse opensuse 13.2 |
||
debian debian linux 8.0 |