Description
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
Remediation
References