{"id":"CVE-2016-3141","details":"Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.","modified":"2026-07-07T08:47:27.516890626Z","published":"2016-03-31T16:59:00.117Z","related":["SUSE-SU-2016:1145-1","SUSE-SU-2016:1166-1","SUSE-SU-2016:1581-1","SUSE-SU-2016:1638-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","vendor_product":"apple:mac_os_x","cpes":["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10.11.4"}]}]},"references":[{"type":"WEB","url":"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface"},{"type":"WEB","url":"http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/84271"},{"type":"WEB","url":"http://www.securitytracker.com/id/1035255"},{"type":"WEB","url":"https://bugs.php.net/bug.php?id=71587"},{"type":"WEB","url":"https://php.net/ChangeLog-5.php"},{"type":"WEB","url":"https://support.apple.com/HT206567"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2750.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2952-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2952-2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"last_affected":"523bb2473470242c9b167584247bf7c6b4bcb8d5"},{"introduced":"fc1df8e7a6886e29a6ed5bef3f674ac61164e847"},{"last_affected":"62cf13d3aa08b15107b02a0505a4f30142fa37b4"}],"database_specific":{"cpe":["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*","cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"5.5.32"},{"introduced":"5.6.0"},{"last_affected":"5.6.0"},{"introduced":"5.6.1"},{"last_affected":"5.6.1"},{"introduced":"5.6.2"},{"last_affected":"5.6.2"},{"introduced":"5.6.3"},{"last_affected":"5.6.3"},{"introduced":"5.6.4"},{"last_affected":"5.6.4"},{"introduced":"5.6.5"},{"last_affected":"5.6.5"},{"introduced":"5.6.6"},{"last_affected":"5.6.6"},{"introduced":"5.6.7"},{"last_affected":"5.6.7"},{"introduced":"5.6.8"},{"last_affected":"5.6.8"},{"introduced":"5.6.9"},{"last_affected":"5.6.9"},{"introduced":"5.6.10"},{"last_affected":"5.6.10"},{"introduced":"5.6.11"},{"last_affected":"5.6.11"},{"introduced":"5.6.12"},{"last_affected":"5.6.12"},{"introduced":"5.6.13"},{"last_affected":"5.6.13"},{"introduced":"5.6.14"},{"last_affected":"5.6.14"},{"introduced":"5.6.15"},{"last_affected":"5.6.15"},{"introduced":"5.6.16"},{"last_affected":"5.6.16"},{"introduced":"5.6.17"},{"last_affected":"5.6.17"},{"introduced":"5.6.18"},{"last_affected":"5.6.18"}],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["5.6.0","5.6.1","5.6.10","5.6.11","5.6.12","5.6.13","5.6.14","5.6.15","5.6.16","5.6.17","5.6.18","5.6.2","5.6.3","5.6.4","5.6.5","5.6.6","5.6.7","5.6.8","5.6.9","php-5.6.18","php-5.5.32"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3141.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}