Description

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

Remediation

References

CVE-2015-4116

Related Vulnerabilities

Lighttpd NULL Pointer Dereference Vulnerability (CVE-2022-37797)

WordPress Plugin Event Tickets CSV Injection (4.10.7.1)

WordPress Plugin WP e-Commerce-Store Toolkit Privilege Escalation (2.0)

Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9635)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.1.13)

Severity

Critical

Classification

CVE-2015-4116 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities