CVE-2016-5772

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8

Description The issue is related to a double free vulnerability in the php wddx process data function in the WDDX extension. This vulnerability can be exploited by remote attackers via crafted XML data that is mishandled in a wddx deserialize call, potentially leading to a denial of service (application crash) or possibly the execution of arbitrary code.

Recommendations For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.