Description
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
Remediation
References
Related Vulnerabilities
WordPress Plugin Controlled Admin Access Security Bypass (1.5.5)
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Information Disclosure (3.4.3)
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3568)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2039)
Jenkins Improper Input Validation Vulnerability (CVE-2016-0792)