Description
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
Remediation
References
Related Vulnerabilities
WordPress Plugin 404 SEO Redirection Cross-Site Scripting (1.3)
WordPress Plugin Video Gallery /w YouTube, Vimeo Multiple Vulnerabilities (8.80)
PHP Data Processing Errors Vulnerability (CVE-2015-4147)
Oracle Application Server CVE-2007-5521 Vulnerability (CVE-2007-5521)
WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.2)