Critical severity9.8NVD Advisory· Published Aug 7, 2016· Updated May 6, 2026

CVE-2016-3078

Description

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353cnvdPatchThird Party Advisory
www.openwall.com/lists/oss-security/2016/04/28/1nvdExploitMailing ListThird Party Advisory
bugs.php.net/bug.phpnvdExploitIssue TrackingVendor Advisory
www.exploit-db.com/exploits/39742/nvdExploitThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035701nvdBroken LinkThird Party AdvisoryVDB Entry
php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
security-tracker.debian.org/tracker/CVE-2016-3078nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.038
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000