PHP 5.3 < 5.3.6 String To Double Conversion DoS


Versions of PHP 5.3 earlier than 5.3.6 are potentially affected by multiple vulnerabilities : - An error exists in the function '_zip_name_locate()' in the file 'ext/zip/lib/zip_name_locate.c' which allows a NULL pointer to be dereferenced when processing an empty archive. (CVE-2011-0421) - A variable casting error exists in the Exif extension's C function 'exif_process_IFD_TAG()' in the file 'ext/exif/exif.c' could allow arbitrary code execution. (CVE-2011-0708) - An integer overflow vulnerability exists in the implementation of the PHP function 'shmop_read' in the file 'ext/shmop/shmop.c'. (CVE-2011-1092) - An error exists in the file 'phar/phar_object.c' n which calls to 'zend_throw_exception_ex()' pass data as a string format parameter which could lead to information disclosure or memory corruption when handling PHP archives. (CVE-2011-1153) - A buffer overflow error exists in the C function 'xbuf_format_converter' in the file 'main/snprintf.c' when the PHP configuration setting for 'precision' is set to a large value. (Bug 54055) - An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI Process Manager' (FPM) SAPI.