UBUNTU-CVE-2015-7804

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2015-7804
Downstream
USN-2786-1
Published: 12 Oct 2015, 00:00
Last modified:22 Apr 2026, 10:19

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Oct 2015, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 10:19
Last Modified
Vulnerability information updated

Description

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.

Affected Systems

  • ubuntuphp5

    < 5.5.9+dfsg-1ubuntu4.14

References (3)