Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
{ "vanir_signatures": [ { "deprecated": false, "target": { "file": "ext/standard/file.c" }, "source": "https://github.com/php/php-src/commit/abd159cce48f3e34f08e4751c568e09677d5ec9c", "digest": { "threshold": 0.9, "line_hashes": [ "59658699804530916909432655870060592158", "150474154856362723912272717948342756027", "317588566651663129606302716960869322617" ] }, "id": "CVE-2016-5096-9cdc50fc", "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "target": { "function": "PHP_FUNCTION", "file": "ext/standard/file.c" }, "source": "https://github.com/php/php-src/commit/abd159cce48f3e34f08e4751c568e09677d5ec9c", "digest": { "function_hash": "85333988347855488580493020040994606941", "length": 572.0 }, "id": "CVE-2016-5096-efa3368b", "signature_version": "v1", "signature_type": "Function" } ] }