CVE-2016-3078
Published 2016-08-07
Priority: P268, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 58.51% (99.0th percentile)
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | >= 7.0.0 < 7.0.6 | 7.0.6 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.17 |
Detection & IOCs (extracted from sources)
- Monitor PHP applications invoking ZipArchive::getFromIndex() or ZipArchive::getFromName() with attacker-controlled zip files, particularly on 32-bit PHP 7.x systems where integer wrap of uncomp_size can trigger a heap overflow.
- Alert on PHP-FPM processes (php-fpm 7.0.x on i686/32-bit) crashing or spawning unexpected child processes after processing uploaded zip archives, consistent with heap overflow exploitation.
- The heap overflow is only reliably exploitable on 32-bit PHP 7.x builds; on 64-bit systems zip_fread() catches the wrapped size via the ZIP_INT64_MAX guard and returns an error instead of overflowing.
- All Red Hat Enterprise Linux packages (php, php53, php54-php, php55-php, rh-php56-php) are listed as Not Affected, so RHEL-based detections should focus on upstream PHP 7.0.x deployments only.
- The vulnerability is fixed in PHP 7.0.6; systems running PHP >= 7.0.6 are not vulnerable and detections should be scoped to PHP 7.0.0–7.0.5.
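CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 7.3 | HIGH | |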
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
Release Date: January 27, 2026
Alert Code: ICSA-26-027-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2016-05-24·CVSS 7.3
CVE-2015-8865 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that the PHP Fileinfo component incorrectly handled
certain magic files. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)
Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly
handled certain malformed Zip archives. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-3078)
It was discovered that PHP incorrectly handled invalid indexes in the
SplDoublyLinkedList class. An attacker could use this issue to cause
Red Hat
php: Heap overflow caused by integer overflow when reading zip files in ZipArchive
vendor_redhat·2016-04-28·CVSS 9.8
CVE-2016-3078 [CRITICAL] CWE-190 php: Heap overflow caused by integer overflow when reading zip files in ZipArchive
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: php (Red Hat Enterprise Linux 6) - Not affected
Package: php (Red Hat Enterprise Linux 7) - Not affected
Package: php (Red Hat OpenShift Enterprise 2) - Not affected
Package: php54-php (Red Hat Software Collections) - Not affected
Package: php55-php (Red Hat Software Collect
GHSA
GHSA-rj5f-q94x-7mf7: Multiple integer overflows in php_zip
ghsa_unreviewed·2022-05-17
CVE-2016-3078 [CRITICAL] CWE-190 GHSA-rj5f-q94x-7mf7: Multiple integer overflows in php_zip
OSV
php5, php7.0 vulnerabilities
osv·2016-05-24·CVSS 7.3
CVE-2015-8865 [HIGH] php5, php7.0 vulnerabilities
It was discovered that the PHP Fileinfo component incorrectly handled
certain magic files. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)
Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly
handled certain malformed Zip archives. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-3078)
It was discovered that PHP incorrectly handled invalid indexes in the
SplDoublyLinkedList class. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or
OSV
CVE-2016-3078: Multiple integer overflows in php_zip
osv·2016-04-29·CVSS 9.8
CVE-2016-3078 [CRITICAL] CVE-2016-3078: Multiple integer overflows in php_zip
No detection rules found.
- http://www.openwall.com/lists/oss-security/2016/04/28/1
- http://www.securitytracker.com/id/1035701
- https://bugs.php.net/bug.php?id=71923
- https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1
- https://php.net/ChangeLog-7.php
- https://security-tracker.debian.org/tracker/CVE-2016-3078
- https://www.exploit-db.com/exploits/39742/