VYPR
Critical severity9.8OSV Advisory· Published Aug 7, 2016· Updated Jun 17, 2026

CVE-2016-3078

CVE-2016-3078

Description

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • PHP/PHPOSV3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=7.0.0,<7.0.6
    • (no CPE)range: <7.0.6

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.