Unrated severityNVD Advisory· Published Apr 8, 2009· Updated Apr 23, 2026
CVE-2009-1272
CVE-2009-1272
Description
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
Affected products
10cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.php.net/releases/5_2_9.phpnvdVendor Advisory
- cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.cnvd
- lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlnvd
- marc.infonvd
- secunia.com/advisories/35685nvd
- secunia.com/advisories/36701nvd
- support.apple.com/kb/HT3865nvd
- www.openwall.com/lists/oss-security/2009/04/01/9nvd
- www.openwall.com/lists/oss-security/2009/04/09/1nvd
News mentions
0No linked articles in our index yet.