Description
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-1703 Vulnerability (CVE-2012-1703)
WordPress Plugin Backup Bank:WordPress Backup Security Bypass (4.0.28)
Apache Traffic Server CVE-2022-47185 Vulnerability (CVE-2022-47185)
WordPress Plugin Woo Import Export Arbitrary File Deletion (1.0)
WordPress Plugin The Events Calendar Security Bypass (3.11.2)