All Products
Document Center

[Vulnerability notice] CVE-2016-3078: Integer overflow vulnerability in ZipArchive in PHP

Last Updated: Dec 15, 2017


ZipArchive is a class library in PHP used for extracting zip packages. Researchers found that when the getFromIndex() and getFromName() methods are used in the PHP 7.x environment, specially constructed zip packages may cause a PHP program to overflow. As a result, remote attackers may start denial of service attacks or run arbitrary code.

Affected versions

PHP 7.0.x <= 7.0.5


Upgrade PHP to the latest version. For PHP 7.0.x users, upgrade to 7.0.6 or later.