CVE-2016-3078 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-3078 PUBLISHED

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.

EPSS 46.15% · 97.6th percentile

Risk Scores

EPSS Score

46.15%

97.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	php7.0	0, 7.0.1-5, 7.0.1-6

Timeline

Apr 27, 2016 PoC Published
Apr 29, 2016 CVE Published
Feb 4, 2022 EPSS Score
Dec 17, 2024 EPSS Score
Mar 17, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 5, 2025 EPSS Score
Apr 6, 2025 EPSS Score
Apr 19, 2025 EPSS Score
May 1, 2025 EPSS Score
Jun 1, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2016-3078 third-party-advisory
http://www.openwall.com/lists/oss-security/2016/04/28/1 third-party-advisory
https://ubuntu.com/security/notices/USN-2984-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-3078 third-party-advisory

Open in Interactive Console →