Description
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
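The failure mode described above, as an added example: a simplified C model of a name lookup that reads the unchanged central directory, shown unguarded and with the missing check. This is not the PHP or libzip source; every struct, function and flag name is hypothetical, and the model assumes an empty archive leaves the as-opened central directory pointer NULL.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, NOT the PHP/libzip source: all names here are hypothetical. */
#define MODEL_FL_UNCHANGED 8  /* constructed flag value for this model */

struct model_entry { const char *filename; };
struct model_cdir  { struct model_entry *entry; int nentry; };
struct model_zip {
    struct model_cdir *cdir;  /* directory as opened; NULL for an empty archive (assumption) */
    const char **names;       /* current, possibly modified, entry names */
    int nentry;
};

/* Unguarded lookup: dereferences za->cdir whenever the UNCHANGED flag is set. */
int locate_unguarded(const struct model_zip *za, const char *fname, int flags)
{
    int n = (flags & MODEL_FL_UNCHANGED) ? za->cdir->nentry : za->nentry; /* NULL deref if cdir == NULL */
    for (int i = 0; i < n; i++) {
        const char *fn = (flags & MODEL_FL_UNCHANGED) ? za->cdir->entry[i].filename : za->names[i];
        if (fn != NULL && strcmp(fn, fname) == 0) return i;
    }
    return -1;
}

/* Guarded lookup: reject the empty-archive case as "not found" before any dereference. */
int locate_guarded(const struct model_zip *za, const char *fname, int flags)
{
    if (za == NULL || fname == NULL) return -1;
    if ((flags & MODEL_FL_UNCHANGED) && za->cdir == NULL) return -1;
    return locate_unguarded(za, fname, flags);
}

/* Constructed sample data: one empty archive, one archive with a renamed entry. */
struct model_zip empty_archive = { NULL, NULL, 0 };
struct model_entry sample_entries[] = { { "a.txt" }, { "b.txt" } };
struct model_cdir sample_cdir = { sample_entries, 2 };
const char *sample_names[] = { "a.txt", "renamed.txt" };
struct model_zip sample_archive = { &sample_cdir, sample_names, 2 };

int main(void)
{
    /* Exit status 0 when the guarded lookup behaves as intended on both archives. */
    int ok = locate_guarded(&empty_archive, "a.txt", MODEL_FL_UNCHANGED) == -1
          && locate_guarded(&sample_archive, "b.txt", MODEL_FL_UNCHANGED) == 1
          && locate_guarded(&sample_archive, "b.txt", 0) == -1;
    return ok ? 0 : 1;
}
```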
Remediation
References