Description

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

Remediation

References

CVE-2016-4539

Related Vulnerabilities

PleskLin Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-43784)

Perl Resource Management Errors Vulnerability (CVE-2013-1667)

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) Arbitrary File Upload (6.1)

Sqlite Improper Resource Shutdown or Release Vulnerability (CVE-2015-3415)

WordPress Plugin EmbedStories-Display social media stories Cross-Site Scripting (0.7.4)

Severity

Critical

Classification

CVE-2016-4539 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities