integer overflow in ZipArchive::getFrom (CVE-2016-3078)


2016-11-16 13:11:02 UTC


2017-08-08 13:36:56 UTC


Was this article helpful?

Have more questions?

Submit a request

integer overflow in ZipArchive::getFrom (CVE-2016-3078)

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux


An integer wrap may occur in PHP 7.x when reading zip files with thegetFromindex() and getFromName() methods of ZipArchive, resulting in aheap overflow. This security issue got CVE-2016-3078 assigned. PHP 7 packaged by Plesk team is also affected.


Affected PHP version was already updated by vendor to include fixes this security issue. Plesk team also updated PHP in our package to close this security treat, fix is included in the recent Micro-Updates:

Plesk takes the security of our customers very seriously and encourages you to apply updates as soon as possible.

Have more questions? Submit a request
Please sign in to leave a comment.