suse · CVE-2015-2331

Quick triage

Priority: high Published: 2021-05-30 13:28:25 UTC Updated: 2026-04-18 18:22:59 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-2331 severity important: SUSE including 602 source package names (apache2-mod_php5, apache2-mod_php5-5.6.28-1.1, …), 1008 product×package rows across 54 product lines (SUSE Enterprise Storage 7.1, SUSE Linux Enterprise Desktop 11 SP2, … (54 product lines)): Known Not Affected 574, Fixed 434.

Description:

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

cvelogic Threat Intelligence