VDB
GCVE-110-MAGEIA-2016-267
GCVE-110-MAGEIA-2016-267
Advisory Published
Stack-based buffer overflow vulnerability in virtual_file_ex()
(CVE-2016-6289).
Use After Free in unserialize() with Unexpected Session Deserialization
(CVE-2016-6290).
Out of bound read in exif_process_IFD_in_MAKERNOTE() (CVE-2016-6291).
NULL Pointer Dereference in exif_process_user_comment() (CVE-2016-6292).
locale_accept_from_http() out-of-bounds access (CVE-2016-6294).
Use After Free Vulnerability in SNMP with GC and unserialize()
(CVE-2016-6295).
heap-buffer-overflow (write) simplestring_addn() simplestring.c in
php-xmlrpc (CVE-2016-6296).
Stack-based buffer overflow vulnerability in php_stream_zip_opener()
(CVE-2016-6297).
The php package has been updated to version 5.6.24, fixing these issues
and several other bugs. See the upstream ChangeLog for details.
The CVE-2016-6296 issue was in the xmlrpc-epi library, which has been
patched.
Additionally, the timezone and php-timezonedb packages have been updated
with the latest timezone data.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php | 5.6.24-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | php-timezonedb | 0 (affected), 2016.6-1.mga5 (unaffected) | — |
| Mageia | timezone | 0 (affected), 2016f-1.mga5 (unaffected) | — |
| Mageia | xmlrpc-epi | 0 (affected), 0.54.2-5.1.mga5 (unaffected) | — |
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.