CVE-2016-3078

Related Files

Ubuntu Security Notice USN-2984-1

Posted May 24, 2016

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2984-1 - It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php

systems | linux, ubuntu

advisories | CVE-2015-8865, CVE-2016-3078, CVE-2016-3132, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544

SHA-256 | 264cfc8cd7257e3fdc5b3ecb5d21a1ddea22e0c427eef2997d33a60a1c152159

Download | Favorite | View

PHP 7.x Heap Overflow

Posted Apr 28, 2016

Authored by Hans Jerry Illikainen

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.

tags | exploit, overflow, php

advisories | CVE-2016-3078

SHA-256 | e8c95e113360c07e5f57ee1a402ad502f85525d7f354dd5b76ad74e45439655d

Download | Favorite | View