Description

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

Remediation

References

CVE-2015-4116

Related Vulnerabilities

WordPress Plugin Easy Digital Downloads Attach Accounts to Orders Cross-Site Scripting (2.0.1)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3)

WordPress Plugin Schema App Structured Data Unspecified Vulnerability (0.5.4)

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-3197)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8755)

Severity

Critical

Classification

CVE-2015-4116 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities