CVE-2016-5772
Description
Memory corruption in PHP WDDX extension via crafted XML, leading to DoS or remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory corruption in PHP WDDX extension via crafted XML, leading to DoS or remote code execution.
Vulnerability
A double-free vulnerability exists in the php_wddx_process_data function in wddx.c within the WDDX extension of PHP. The bug is triggered when wddx_deserialize mishandles crafted XML data, leading to a double-free condition. PHP versions before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 are affected [1][2][3].
Exploitation
An attacker can send specially crafted XML data to a PHP application that calls wddx_deserialize on untrusted input. No authentication or special network position is required, and the attacker does not need user interaction beyond the application processing the malicious input. The vulnerability is remotely exploitable over HTTP or any transport that delivers the crafted XML to the PHP WDDX deserialization routine.
Impact
Successful exploitation can cause a denial of service via application crash. In many scenarios, the double-free condition may also allow arbitrary code execution, giving the attacker full control of the affected system with the privileges of the PHP process.
Mitigation
Users should upgrade to PHP versions 5.5.37, 5.6.23, 7.0.8 or later, where the double-free bug is fixed [1][2][3]. Red Hat issued updated packages via RHSA-2016-2750 for Software Collections rh-php56 [2]. Apple included the fix in macOS Sierra 10.12 for the bundled PHP [4]. For systems where an immediate upgrade is not possible, disabling the WDDX extension (if not required) may mitigate risk.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7- osv-coords6 versionspkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 5.3.17-74.1+ 5 more
- (no CPE)range: < 5.3.17-74.1
- (no CPE)range: < 5.3.17-74.1
- (no CPE)range: < 5.3.17-74.1
- (no CPE)range: < 5.5.14-68.1
- (no CPE)range: < 5.2.14-0.7.30.89.1
- (no CPE)range: < 5.5.14-68.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- github.com/php/php-src/commit/a44c89e8af7c2410f4bfc5e097be2a5d0639a60cnvdPatchThird Party Advisory
- php.net/ChangeLog-5.phpnvdPatchRelease NotesVendor Advisory
- www.openwall.com/lists/oss-security/2016/06/23/4nvdMailing ListPatchThird Party Advisory
- bugs.php.net/bug.phpnvdExploitIssue TrackingVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlnvdBroken LinkMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-08/msg00003.htmlnvdMailing ListThird Party Advisory
- php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
- rhn.redhat.com/errata/RHSA-2016-2750.htmlnvdThird Party Advisory
- www.debian.org/security/2016/dsa-3618nvdThird Party Advisory
- www.securityfocus.com/bid/91398nvdThird Party AdvisoryVDB Entry
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
- support.apple.com/HT207170nvdThird Party Advisory
News mentions
0No linked articles in our index yet.