Launchpad.net

CVE 2016-7418

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

Related bugs and status

CVE-2016-7418 (Candidate) is related to these bugs:

Bug #1641211: Please merge php7.0 7.0.12-2 from Debian unstable

Summary				In	Importance	Status
	1641211	Please merge php7.0 7.0.12-2 from Debian unstable		php7.0 (Ubuntu)	Undecided	Fix Released

Bug #1645431: [SRU] microrelease exception for src:php7.0 (7.0.13)

		In	Importance	Status
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Yakkety)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-7418

Related bugs and status

Related bugs

References