The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.

OSVersionArchitecturePackageVersionFilename
Debian9allphp7.0< 7.0.33-0+deb9u8php7.0_7.0.33-0+deb9u8_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	php7.0	< 7.0.33-0+deb9u8	php7.0_7.0.33-0+deb9u8_all.deb

cve 1

redhatcve 1

alpinelinux 1

nvd 1

veracode 2

cvelist 1

prion 1

f5 2

ubuntucve 1

openvas 25

amazon 2

nessus 35

freebsd 2

suse 8

slackware 1

mageia 1

fedora 2

archlinux 1

debian 3

osv 1

cloudfoundry 1

ubuntu 1

redhat 1

gentoo 1

cloudlinux 1

apple 2

rosalinux 1

cve

CVE-2016-7414

2016-09-17 21:59:06

redhatcve

CVE-2016-7414

2016-09-19 13:18:49

alpinelinux

CVE-2016-7414

2016-09-17 21:59:06

nvd

CVE-2016-7414

2016-09-17 21:59:06

veracode

Denial Of Service (DoS) Through Memory Corruption

2019-05-16 02:59:58

Use After Free

2019-05-16 02:59:58

cvelist

CVE-2016-7414

2016-09-17 21:00:00

prion

Out-of-bounds

2016-09-17 21:59:00

K39712275 : PHP vulnerability CVE-2016-7414

2016-10-10 00:00:00

SOL39712275 - PHP vulnerability CVE-2016-7414

2016-10-10 00:00:00

ubuntucve

CVE-2016-7414

2016-09-17 00:00:00

openvas

Amazon Linux: Security Advisory (ALAS-2016-754)

2016-10-26 00:00:00

PHP Multiple Vulnerabilities - 03 (Sep 2016) - Windows

2016-09-12 00:00:00

PHP Multiple Vulnerabilities - 03 (Sep 2016) - Linux

2016-09-12 00:00:00

amazon

Medium: php70

2016-10-12 17:00:00

Medium: php56

2016-10-12 17:00:00

nessus

PHP 7.0.x < 7.0.11 Multiple Vulnerabilities

2019-01-09 00:00:00

FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d)

2016-10-17 00:00:00

PHP 7.0.x < 7.0.11 Multiple Vulnerabilities

2016-09-22 00:00:00

freebsd

PHP -- multiple vulnerabilities

2016-09-15 00:00:00

PHP -- multiple vulnerabilities

2016-09-16 00:00:00

suse

Security update for php5 (important)

2016-10-04 16:10:25

Security update for php5 (important)

2016-10-14 16:11:34

Security update for php53 (important)

2016-10-06 01:08:31

slackware

[slackware-security] php

2016-09-23 23:31:48

mageia

Updated php packages fix security vulnerabilities

2016-09-25 18:45:31

fedora

[SECURITY] Fedora 23 Update: php-5.6.26-1.fc23

2016-09-28 04:52:34

[SECURITY] Fedora 24 Update: php-5.6.26-1.fc24

2016-09-27 03:58:11

archlinux

php: multiple issues

2016-09-18 00:00:00

debian

[SECURITY] [DLA 749-1] php5 security update

2016-12-16 21:48:18

[SECURITY] [DSA 3689-1] php5 security update

2016-10-08 13:53:04

[SECURITY] [DSA 3689-1] php5 security update

2016-10-08 13:53:04

osv

php5 - security update

2016-12-16 00:00:00

cloudfoundry

USN-3095-1 PHP vulnerabilities | Cloud Foundry

2016-10-04 00:00:00

ubuntu

PHP vulnerabilities

2016-10-04 00:00:00

redhat

(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update

2018-05-03 03:21:11

gentoo

PHP: Multiple vulnerabilities

2016-11-30 00:00:00

cloudlinux

Fix of 227 CVE

2020-10-15 12:00:00

apple

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support

2020-07-27 08:14:17

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite

2016-12-13 00:00:00

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.022 Low

EPSS

Percentile

89.6%

JSON

Related for DEBIANCVE:CVE-2016-7414