Php · Php · CVE-2015-8865
**Name of the Vulnerable Software and Affected Versions**
PHP versions prior to 5.5.34
PHP versions 5.6.x prior to 5.6.20
PHP versions 7.x prior to 7.0.5
Fileinfo component in file before 5.23
**Description**
The `file_check_mem` function mishandles continuation-level jumps, which results in a buffer overflow. A remote attacker can exploit this to cause a denial of service or possibly execute arbitrary code via a specially crafted magic file.
**Recommendations**
For PHP versions prior to 5.5.34, update to version 5.5.34 or later.
For PHP versions 5.6.x prior to 5.6.20, update to version 5.6.20 or later.
For PHP versions 7.x prior to 7.0.5, update to version 7.0.5 or later.
For the Fileinfo component in file before 5.23, update to version 5.23 or later.
As a temporary workaround, consider restricting access to the `file_check_mem` function in the Fileinfo component until a patch is available.
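To apply the version thresholds listed above across a fleet, the following added example (not part of the original advisory) maps version banners to the minimum fixed release. The function names, host names and banners are hypothetical, constructed sample data.

```python
import re

# Fixed releases per branch, taken from the advisory text above.
PHP_FIXED = {"5.5": (5, 5, 34), "5.6": (5, 6, 20), "7.0": (7, 0, 5)}
FILE_FIXED = (5, 23)

def parse_version(text, width):
    """Pull the first dotted number out of a banner and pad it to `width` parts."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(0).split(".")][:width]
    return tuple(parts + [0] * (width - len(parts)))

def fmt(version):
    return ".".join(map(str, version))

def php_fix(banner):
    """Return the minimum fixed PHP release to move to, or None if not affected."""
    v = parse_version(banner, 3)
    if v < PHP_FIXED["5.5"]:                # everything prior to 5.5.34
        return fmt(PHP_FIXED["5.5"])
    if (5, 6, 0) <= v < PHP_FIXED["5.6"]:   # 5.6.x prior to 5.6.20
        return fmt(PHP_FIXED["5.6"])
    if (7, 0, 0) <= v < PHP_FIXED["7.0"]:   # 7.x prior to 7.0.5
        return fmt(PHP_FIXED["7.0"])
    return None

def file_fix(banner):
    """Same check for the stand-alone file utility (fixed in 5.23)."""
    return fmt(FILE_FIXED) if parse_version(banner, 2) < FILE_FIXED else None

# Constructed inventory: (host, `php -v` banner, `file --version` banner).
# Only the version string is compared; a distribution package may carry a
# backported fix without changing the upstream number.
INVENTORY = [
    ("web01", "PHP 5.6.19-0+deb8u1 (cli)", "file-5.22"),
    ("web02", "PHP 7.0.5 (cli)", "file-5.25"),
    ("web03", "PHP 5.5.33", "file-5.23"),
]

def audit(inventory):
    """List (host, component, minimum fixed version) for every affected install."""
    findings = []
    for host, php_banner, file_banner in inventory:
        for name, fix in (("php", php_fix(php_banner)), ("file", file_fix(file_banner))):
            if fix:
                findings.append((host, name, fix))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding)
```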