Description
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.4.5)
Vanilla Forums Other Vulnerability (CVE-2011-3614)
Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)
WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.24.0)
Squid Insufficient Verification of Data Authenticity Vulnerability (CVE-2016-4554)