Description
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
Remediation
References
Related Vulnerabilities
WordPress Plugin Media from FTP PHP Object Injection (9.79)
WordPress Plugin Google Pagespeed Insights Cross-Site Scripting (3.0.0)
Atlassian Jira Improper Authentication Vulnerability (CVE-2021-26070)
WordPress Plugin Lana Email Logger Cross-Site Scripting (1.0.2)
Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789)