The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
[
{
"digest": {
"function_hash": "101242370165513919491089039533970893552",
"length": 5223.0
},
"signature_type": "Function",
"target": {
"function": "phar_verify_signature",
"file": "ext/phar/util.c"
},
"deprecated": false,
"source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
"signature_version": "v1",
"id": "CVE-2016-7414-43943fa6"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"244400190783885828915468846303400330131",
"220938297046291968895624677270232626954",
"217113816790544416622540442228774921754",
"72637125844662283035880695243814328574",
"164246766542830566394349227218824006821",
"160980979549708332661600367319968669695",
"247389591875603594575684201196652913762",
"33632015481981501695773000747706314048",
"139545094004363760544095452240714654415",
"136461186073909743546029373745291216650",
"262191750120340749570254217947750615443",
"329770936341848827278611144329266529055"
]
},
"signature_type": "Line",
"target": {
"file": "ext/phar/util.c"
},
"deprecated": false,
"source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
"signature_version": "v1",
"id": "CVE-2016-7414-b7c90076"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"194244017137198307781582767011579174443",
"118184689874117657393240452738154088241",
"86817378469711086272257748017947586223",
"280630189565604860243635377343440368876"
]
},
"signature_type": "Line",
"target": {
"file": "ext/phar/zip.c"
},
"deprecated": false,
"source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
"signature_version": "v1",
"id": "CVE-2016-7414-bdfe8485"
},
{
"digest": {
"function_hash": "310861919766617533753547334896560365421",
"length": 17098.0
},
"signature_type": "Function",
"target": {
"function": "phar_parse_zipfile",
"file": "ext/phar/zip.c"
},
"deprecated": false,
"source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
"signature_version": "v1",
"id": "CVE-2016-7414-d0b8d27b"
}
]