Description
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
Remediation
References