PHP (IBB): xml_parse_into_struct segmentation fault

ID H1:135294
Type hackerone
Reporter fms
Modified 2019-10-13T18:06:53


Invalid memory access while parsing XML input using xml_parse_into_struct, parser->level wasn't being checked and then used as an offset parser->ltags[parser->level-1].

Reported to developers on 2016-04-25, fixed 2016-04-25 and released at 2016-04-28, affected PHP 5.5 , 5.6 and 7.