Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
[
{
"source": "https://github.com/php/php-src/commit/abd159cce48f3e34f08e4751c568e09677d5ec9c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "ext/standard/file.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"59658699804530916909432655870060592158",
"150474154856362723912272717948342756027",
"317588566651663129606302716960869322617"
]
},
"id": "CVE-2016-5096-9cdc50fc"
},
{
"source": "https://github.com/php/php-src/commit/abd159cce48f3e34f08e4751c568e09677d5ec9c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "PHP_FUNCTION",
"file": "ext/standard/file.c"
},
"digest": {
"function_hash": "85333988347855488580493020040994606941",
"length": 572.0
},
"id": "CVE-2016-5096-efa3368b"
}
]