The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
[ { "signature_type": "Function", "deprecated": false, "source": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5", "signature_version": "v1", "target": { "function": "php_wddx_process_data", "file": "ext/wddx/wddx.c" }, "digest": { "function_hash": "207752203489674637258461348437909675768", "length": 2167.0 }, "id": "CVE-2016-7129-0f587202" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5", "signature_version": "v1", "target": { "file": "ext/wddx/wddx.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "100746592040061552942195937806632514478", "316230420235043107608903478248415684524", "56414458261142380831923594411464900415", "310203181746593072835072850754279412909", "209498715490287908413716796478832502934", "171527531426849050977209914707896583388", "61557349023981301762487451910583425792", "59685776337875011648020334027856268353", "140630431376369825881665446161955604718", "134644370982157049159950740693103025840", "313715040943910129910114612432803697526", "240402492344113374999476638738733620501", "614431119882657595008114932897763408" ] }, "id": "CVE-2016-7129-d94fc47b" } ]