First published: Sun May 22 2016(Updated: )
Fixed bug (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)
Credit: security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =24 | |
openSUSE Leap | =42.1 | |
PHP PHP | <=5.5.34 | |
PHP PHP | =5.6.0 | |
PHP PHP | =5.6.1 | |
PHP PHP | =5.6.2 | |
PHP PHP | =5.6.3 | |
PHP PHP | =5.6.4 | |
PHP PHP | =5.6.5 | |
PHP PHP | =5.6.6 | |
PHP PHP | =5.6.7 | |
PHP PHP | =5.6.8 | |
PHP PHP | =5.6.9 | |
PHP PHP | =5.6.10 | |
PHP PHP | =5.6.11 | |
PHP PHP | =5.6.12 | |
PHP PHP | =5.6.13 | |
PHP PHP | =5.6.14 | |
PHP PHP | =5.6.15 | |
PHP PHP | =5.6.16 | |
PHP PHP | =5.6.17 | |
PHP PHP | =5.6.18 | |
PHP PHP | =5.6.19 | |
PHP PHP | =5.6.20 | |
PHP PHP | =7.0.0 | |
PHP PHP | =7.0.1 | |
PHP PHP | =7.0.2 | |
PHP PHP | =7.0.3 | |
PHP PHP | =7.0.4 | |
PHP PHP | =7.0.5 | |
PHP PHP | <7.0.6 | 7.0.6 |
debian/php5 | ||
debian/php7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-4540 is a vulnerability in PHP that allows remote attackers to cause a denial of service or have other unspecified impact.
CVE-2016-4540 has a severity rating of 9.8 (critical).
CVE-2016-4540 affects PHP versions before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6.
CVE-2016-4540 can be exploited by remote attackers through the grapheme_stripos function in PHP.
Yes, CVE-2016-4540 is fixed in PHP version 7.0.6 and later.