Unrated severity · NVD Advisory · Published Dec 11, 2015 · Updated Jun 17, 2026

CVE-2015-7804

Description

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.

Affected products

17
  • PHP/PHP (16 versions)
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:* range: <=5.5.29
    • cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
    • (no CPE) range: <5.5.30 || >=5.6.0 <5.6.14
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.11.1
