MGASA-2017-0040

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161

Published: 04 Feb 2017, 18:41

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 Feb 2017, 18:41

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated php packages fix security vulnerabilities Floating-point exception in php-exif when parsing a tag format (CVE-2016-10158). Crash in php-phar while loading hostile phar archive (CVE-2016-10159). Memory corruption in php-phar when loading hostile phar (CVE-2016-10160). Heap out of bounds read on unserialize in finish_nested_data() (CVE-2016-10161).

Affected Systems

mageia•php
< 5.6.30-1.mga5

References (3)

https://advisories.mageia.org/MGASA-2017-0040.html
https://bugs.mageia.org/show_bug.cgi?id=20185
http://php.net/ChangeLog-5.php#5.6.30