Launchpad.net

CVE 2016-7132

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.

Related bugs and status

CVE-2016-7132 (Candidate) is related to these bugs:

Bug #1641211: Please merge php7.0 7.0.12-2 from Debian unstable

Summary				In	Importance	Status
	1641211	Please merge php7.0 7.0.12-2 from Debian unstable		php7.0 (Ubuntu)	Undecided	Fix Released

Bug #1645431: [SRU] microrelease exception for src:php7.0 (7.0.13)

		In	Importance	Status
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Yakkety)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-7132

Related bugs and status

Related bugs

References