The phpwddxprocessdata function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddxdeserialize call that mishandles a dateTime element in a wddxPacket XML document.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Function", "target": { "file": "ext/wddx/wddx.c", "function": "php_wddx_process_data" }, "deprecated": false, "digest": { "length": 2167.0, "function_hash": "207752203489674637258461348437909675768" }, "id": "CVE-2016-7129-0f587202", "source": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "ext/wddx/wddx.c" }, "deprecated": false, "digest": { "line_hashes": [ "100746592040061552942195937806632514478", "316230420235043107608903478248415684524", "56414458261142380831923594411464900415", "310203181746593072835072850754279412909", "209498715490287908413716796478832502934", "171527531426849050977209914707896583388", "61557349023981301762487451910583425792", "59685776337875011648020334027856268353", "140630431376369825881665446161955604718", "134644370982157049159950740693103025840", "313715040943910129910114612432803697526", "240402492344113374999476638738733620501", "614431119882657595008114932897763408" ], "threshold": 0.9 }, "id": "CVE-2016-7129-d94fc47b", "source": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5" } ] }