edit-icon download-icon

[Vulnerability notice] CVE-2016-3078: Integer overflow vulnerability in ZipArchive in PHP

Last Updated: Dec 15, 2017

Description

ZipArchive is a class library in PHP used for extracting zip packages. Researchers found that when the getFromIndex() and getFromName() methods are used in the PHP 7.x environment, specially constructed zip packages may cause a PHP program to overflow. As a result, remote attackers may start denial of service attacks or run arbitrary code.

Affected versions

PHP 7.0.x <= 7.0.5

Fix

Upgrade PHP to the latest version. For PHP 7.0.x users, upgrade to 7.0.6 or later.

Thank you! We've received your feedback.