CVE-2015-2331

Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

References

http://hg.nih.at/libzip/rev/9f11d54f692e
http://www.debian.org/security/2015/dsa-3198
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
https://bugs.php.net/bug.php?id=69253
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://php.net/ChangeLog-5.php
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securitytracker.com/id/1031985
https://support.apple.com/HT205267

CVE-2015-2331

Affected packages