PT-2011-3156 · Php+1

Published: 2011-03-19 · Updated: 2023-01-19 · CVE-2011-1471

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.3.6

Description: The issue is related to an integer signedness error in the zip_stream.c file within the Zip extension. This error allows context-dependent attackers to cause a denial of service, specifically CPU consumption, by using a malformed archive file. The attack triggers errors in zip_fread function calls.

Recommendations: For versions prior to 5.3.6, update to version 5.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Zip extension until a patch is applied. Avoid using the zip_fread function with untrusted archive files until the issue is resolved.
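
The bug class named in the description, as an added C example (constructed for this page, not PHP's zip_stream.c code): a read wrapper that keeps a signed error return in an unsigned variable never sees the error, so a caller waiting for end-of-file keeps calling it. `failing_read`, `struct stream`, `drain` and the call cap are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>   /* ssize_t */

struct stream { int eof; };

/* Constructed stand-in for a decoder hitting a malformed entry:
 * every call fails and reports it as -1, as read-style calls do. */
static ssize_t failing_read(char *buf, size_t len) {
    (void)buf; (void)len;
    return -1;
}

/* Flawed wrapper: -1 stored in an unsigned variable becomes SIZE_MAX,
 * so neither the error test nor the end-of-data test can fire. */
static size_t read_flawed(struct stream *s, char *buf, size_t len) {
    size_t n = (size_t)failing_read(buf, len);
    if (n < 0) { s->eof = 1; return 0; }   /* never true for size_t */
    if (n == 0) s->eof = 1;
    return n;
}

/* Corrected wrapper: keep the result signed until the error is handled. */
static size_t read_fixed(struct stream *s, char *buf, size_t len) {
    ssize_t n = failing_read(buf, len);
    if (n < 0) { s->eof = 1; return 0; }   /* error ends the stream */
    if (n == 0) s->eof = 1;
    return (size_t)n;
}

typedef size_t (*read_fn)(struct stream *, char *, size_t);

/* Caller that reads until eof. The cap only bounds this demo; without it
 * the flawed wrapper would spin forever. Returns the number of calls. */
static unsigned drain(read_fn rd, unsigned cap) {
    struct stream s = {0};
    char buf[64];
    unsigned calls = 0;
    while (!s.eof && calls < cap) {
        rd(&s, buf, sizeof buf);
        calls++;
    }
    return calls;
}

int main(void) {
    printf("flawed wrapper: %u calls\n", drain(read_flawed, 1000));
    printf("fixed wrapper:  %u calls\n", drain(read_fixed, 1000));
    return 0;
}
```

Building with `-Wextra` (which enables `-Wtype-limits` in GCC) flags the always-false comparison in `read_flawed`.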

Exploit

Fix

DoS

Related Identifiers

CVE-2011-1471
DSA-2266-1
RHSA-2011:1423
RHSA-2011_1423

Affected Products

Php
Red Hat