CVE-2016-4539

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.35 PHP versions 5.6.x prior to 5.6.21 PHP versions 7.x prior to 7.0.6

Description The issue allows remote attackers to cause a denial of service or possibly have other impacts via crafted XML data in the second argument to the xml parse into struct function, leading to a parser level of zero. This is due to a buffer under-read and segmentation fault. The vulnerability can be exploited by a remote attacker using specially formed XML data.

Recommendations For PHP versions prior to 5.5.35, update to version 5.5.35 or later. For PHP versions 5.6.x prior to 5.6.21, update to version 5.6.21 or later. For PHP versions 7.x prior to 7.0.6, update to version 7.0.6 or later.