CVE-2016-3078

🗓️ 07 Aug 2016 10:00:00Reported by redhatType

cve

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 124 Views🌐 WEB

CVE-2016-3078 PHP 7.0.6 Zip Extension Integer Overflow

Reporter	Title	Published	Views	Family All 35
0day.today	PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow	28 Apr 201600:00	–	zdt
Tenable Nessus	PHP 5.5.x < 5.5.37 / 5.6.x < 5.6.23 / 7.0.x < 7.0.8 Multiple Vulnerabilities	13 Jul 201600:00	–	nessus
Tenable Nessus	Fedora 23 : php-pecl-zip (2016-4f3c77ef90)	15 Jul 201600:00	–	nessus
Tenable Nessus	Fedora 24 : php-pecl-zip (2016-79ac80a0d5)	15 Jul 201600:00	–	nessus
Tenable Nessus	PHP 7.0.x < 7.0.6 Multiple Vulnerabilities	5 May 201600:00	–	nessus
Tenable Nessus	Ubuntu 14.04 LTS / 16.04 LTS : PHP vulnerabilities (USN-2984-1)	25 May 201600:00	–	nessus
Tenable Nessus	PHP 7.0.x < 7.0.6 Multiple Vulnerabilities	9 Jan 201900:00	–	nessus
Circl	CVE-2016-3078	27 Jan 202611:00	–	circl
CNVD	PHP ZipArchive::getFrom* Integer Overflow Vulnerability	28 Apr 201600:00	–	cnvd
Check Point Advisories	PHP ZIP Archive Heap Overflow (CVE-2016-3078)	3 May 201600:00	–	checkpoint_advisories

NVD

Node

php phpRange7.0.0–7.0.6

Source	Link
openwall	www.openwall.com/lists/oss-security/2016/04/28/1
github	www.github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c
bugs	www.bugs.php.net/bug.php
securitytracker	www.securitytracker.com/id/1035701
security-tracker	www.security-tracker.debian.org/tracker/CVE-2016-3078
php	www.php.net/ChangeLog-7.php
exploit-db	www.exploit-db.com/exploits/39742/

Parameter	Position	Path	Description	CWE
file	upload data	upload.php	Remote overflow via crafted ZIP upload to ZipArchive getFromIndex/getFromName, causing heap overflow and possible crash (CWE-190).	CWE-190

06 May 2026 22:30Current

9.8High risk

Vulners AI Score9.8

CVSS 27.5

CVSS 3.19.8

EPSS0.48113

cve 2016 3078 php zip extension integer overflows denial of service heap-based buffer overflow application crash ziparchive class