3 matches found
CVE-2012-2386
Integer overflow in the pharparsetarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow...
Fedora 16 : maniadrive-1.2-32.fc16.6 / php-5.3.14-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.6 (2012-9762)
The PHP development team would like to announce the immediate availability of PHP 5.3.14. All users of PHP are encouraged to upgrade to PHP 5.3.14. The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. PHP 5.3.14...
CVE-2012-2386
Integer overflow in the pharparsetarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow...