CVE-2007-1777

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.5

Description: The issue is related to an integer overflow in the zip read entry function. This allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff. The value is incremented before use in an emalloc call, triggering a heap overflow.

Recommendations: For versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the handling of ZIP archives to minimize the risk of exploitation. Avoid using the zip read entry function with untrusted ZIP archives until the issue is resolved.