SUSE-SU-2016:1504-1

Advisory lineage Upstream: 13 Downstream: 0
Published: 06 Jun 2016, 15:39
Last modified: 04 Feb 2026, 04:11

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

06 Jun 2016, 15:39 - Published: Vulnerability first disclosed
04 Feb 2026, 04:11 - Last Modified: Vulnerability information updated

Description

Security update for php5

This update for php5 fixes the following issues:

Security issues fixed:

- CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994)
- CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991)
- CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827)
- CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)
- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829)
- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830)
- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)
- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)
- CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375)

Affected Systems

  • php5 (SUSE), SUSE Linux Enterprise Module for Web and Scripting 12: < 5.5.14-59.2

  • php5 (SUSE), SUSE Linux Enterprise Software Development Kit 12: < 5.5.14-59.2

  • php5 (SUSE), SUSE Linux Enterprise Software Development Kit 12 SP1: < 5.5.14-59.2
