CVE-2016-7414

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type

GIT

Repo

https://github.com/php/php-src

Events

Introduced

Last affected

e37064dae4a80c70405899bb591969bbe6aad9a8

Introduced

Last affected

60fffd296abce5fc071f3c173c25a2696cf683c6

Introduced

Last affected

4054ec69da7631046f19d54ab06f09728a208b8b

Introduced

Last affected

038c63cdea0472176ec2fdb162cfbd96e8c5f83e

Introduced

Last affected

4e1b8701573698f56e12672e4991d7e6239138d2

Introduced

Last affected

e09845d32614a19188632f410316478fbb440ebd

Introduced

Last affected

249a8fd9ae2324c84ede7ecfca6f6026e6d87df6

Introduced

Last affected

734a5fca2c4731e34eca551f28be9a10ffc3f3c9

Introduced

Last affected

fb59213fc461f079bc218abf44cb5e2b4db2182c

Introduced

Last affected

a36407215f69ba2debf77933dcb3faa0c3ba2d04

Introduced

Last affected

9d582eba7448f1495fae62b13d95d2844ce6b28a

Introduced

Last affected

da12ca9c1ed03084e6803f5e81e46f2e0a80460a

Fixed

0bfb970f43acd1e81d11be1154805f86655f15d5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.10"
        }
    ]
}

Affected versions

Other

BEFORE_ARG_INFO

BEFORE_BIG_SYMBOL_CHANGE

BEFORE_EXP_MERGE

BEFORE_FD_REAPPLY

BEFORE_FD_REVERT

BEFORE_HANDLERS_RESHUFFLE

BEFORE_HEAD_NS_CHANGE

BEFORE_HEAD_NS_CHANGES_MERGE

BEFORE_IMPORT_OF_MYSQLND

BEFORE_IMPORT_OF_MYSQLND_IN_5_3

BEFORE_NEW_OBJECT_MODEL

BEFORE_NEW_OPERATOR_FIX

BEFORE_NEW_OUTPUT_API

BEFORE_NEW_PARAMETER_PARSE

BEFORE_NS_RULES_CHANGE

BEFORE_OBJECTS_STORE

BEFORE_PARAM_PARSING_CHANGE

BEFORE_PHP4_APACHE_MODULE_CHANGE

BEFORE_PRE_SHUTDOWN_REVERSE_PATCH

BEFORE_REAL_IMPORT_OF_MYSQLND

BEFORE_REMOVING_AI_COUNT_FINAL_STEP

BEFORE_REMOVING_GC_STEP1

BEFORE_REMOVING_GC_STEP2

BEFORE_RENAMING

BEFORE_SAPIFICATION_FEB_10_2000

BEFORE_SAPI_POST_PATCH_17_FEB_2000

BEFORE_STACK_PATCH

BEFORE_UNICODE_MERGE

CLOSED_BETA

ChangeLog

INITIAL_IMPORT_SOURCEFORGE

MODERN_SYMMETRIC_SESSION_BEHAVIOUR_20021003

NEWS

NEWS-cvs2svn

NEW_UI_API_BP

PHP_4_3_before_13561_fix

PHP_5_0_dev_before_13561_fix

PHP_5_2_15RC1

POST_64BIT_BRANCH_MERGE

POST_AST_MERGE

POST_NATIVE_TLS_MERGE

POST_PARAMETER_PARSING_API

POST_PHP7_EREG_MYSQL_REMOVALS

POST_PHP7_NSAPI_REMOVAL

POST_PHP7_REMOVALS

POST_PHPNG_MERGE

POST_SUBST_Z_MACROS

PRE_64BIT_BRANCH_MERGE

PRE_AST_MERGE

PRE_DELAYED_ARRAY_FETCH_PATCH

PRE_EIGHT_BYTE_ALLOC_PATCH

PRE_ENGINE2_SPLIT

PRE_FETCH_READ_PATCH

PRE_FILE_COMPILE_API_CHANGE

PRE_FUNC_RETURNS_OBJECT_PATCH

PRE_GRANULAR_GARBAGE_FIX

PRE_ISSET_PATCH

PRE_ISSET_TYPE

PRE_LIBMYSQL_REVERT

PRE_LIBZEND_TO_ZEND

PRE_METHOD_CALL_SEPERATE_FIX_PATCH

PRE_METHOD_DEREFERENCE_PATCH

PRE_NATIVE_TLS_MERGE

PRE_NEW_OCI8_EXTENSION

PRE_NEW_VM_GEN_PATCH

PRE_PARAMETER_PARSING_API

PRE_PHP7_EREG_MYSQL_REMOVALS

PRE_PHP7_NSAPI_REMOVAL

PRE_PHP7_REMOVALS

PRE_PHPNG_MERGE

PRE_RETURN_REF_MERGE

PRE_RETURN_REF_PATCH

PRE_SUBST_Z_MACROS

PRE_TSRM_MERGE_PATCH

PRE_USED_RETURN_VALUE_PATCH

PRE_ZEND_VM_DISPATCH_PATCH

RELEASE_0_1

RELEASE_0_10

RELEASE_0_11

RELEASE_0_1_1

RELEASE_0_2

RELEASE_0_2_0

RELEASE_0_2_1

RELEASE_0_2_2

RELEASE_0_2_3

RELEASE_0_2_4

RELEASE_0_3

RELEASE_0_4

RELEASE_0_5

RELEASE_0_5_2

RELEASE_0_5_3

RELEASE_0_6

RELEASE_0_7

RELEASE_0_9

RELEASE_0_90

RELEASE_0_91

RELEASE_0_9_0

RELEASE_0_9_1

RELEASE_0_9_2

RELEASE_0_9_3

RELEASE_0_9_4

RELEASE_0_9b

RELEASE_1_0

RELEASE_1_0RC1

RELEASE_1_0RC2

RELEASE_1_0_0RC1

RELEASE_1_0_1

RELEASE_1_0_2

RELEASE_1_0_3

RELEASE_1_0_4

RELEASE_1_0b1

RELEASE_1_0b2

RELEASE_1_0b3

RELEASE_1_1

RELEASE_1_1_0

RELEASE_1_1_1

RELEASE_1_2

RELEASE_1_2_0

RELEASE_1_2_1

RELEASE_1_2_2

RELEASE_1_2_3

RELEASE_1_2_4

RELEASE_1_2_5

RELEASE_1_2b5

RELEASE_1_3

RELEASE_1_3_1

RELEASE_1_3_5

RELEASE_1_3b2

RELEASE_1_3b3

RELEASE_1_3b6

RELEASE_1_4

RELEASE_1_5

RELEASE_2_0_0

RELEASE_2_0_0RC1

RELEASE_2_0_0a1

RELEASE_2_0_0a2

RELEASE_2_0_0b1

RELEASE_2_0_1

RELEASE_2_0_2

RETURN_REF_BP

SAFEGUARD_3_0_BETA1_RC1_26062002

SPL_ALPHA

SQLITE_4_3_20041227

ZEND_OPTIMIZER_B1

ZO_B1

before-sapi-split

dev

help

php4

php5_5_0

php_ibase_before_split

xmlrpc_epi_0_51_merge_pt

PHP-4.*

PHP-4.0-RC1

PHP-5.*

PHP-5.4.1-RC1

php-4.*

php-4.0.0

php-4.0.1

php-4.0.1RC

php-4.0.1RC2

php-4.0.1pl1

php-4.0.2

php-4.0.2RC1

php-4.0.3

php-4.0.3RC1

php-4.0.3RC2

php-4.0.4RC3

php-4.0.4RC4

php-4.0.4RC5

php-4.0.4RC6

php-4.0.4REL

php-4.0.4pl1

php-4.0.4pl1RC1

php-4.0.4pl1RC2

php-4.0.5

php-4.0.5RC1

php-4.0.5RC2

php-4.0.5RC3

php-4.0.5RC4

php-4.0.5RC5

php-4.0.5RC6

php-4.0.5RC7

php-4.0.5RC8

php-4.0.6

php-4.0.6RC1

php-4.0.6RC2

php-4.0.6RC3

php-4.0.6RC4

php-4.0.7RC1

php-4.0.7RC2

php-4.0.7RC3

php-4.0RC1

php-4.0RC2

php-4.0b1

php-4.0b2

php-4.0b3

php-4.0b3_RC2

php-4.0b3_RC3

php-4.0b3_RC4

php-4.0b3_RC5

php-4.0b4

php-4.0b4_rc1

php-4.0b4pl1

php-4.1.0

php-4.1.0RC1

php-4.1.0RC2

php-4.1.0RC3

php-4.1.0RC4

php-4.1.0RC5

php-4.1.1

php-4.1.2

php-4.2.0

php-4.2.0RC1

php-4.2.0RC2

php-4.2.0RC3

php-4.2.0RC4

php-4.2.1

php-4.2.1RC1

php-4.2.1RC2

php-4.2.2

php-4.2.3

php-4.2.3RC1

php-4.2.3RC2

php-4.3.0

php-4.3.0RC1

php-4.3.0RC2

php-4.3.0RC3

php-4.3.0RC4

php-4.3.0dev

php-4.3.0dev-ZendEngine2

php-4.3.0dev-ZendEngine2-Preview1

php-4.3.0dev_zend2_alpha1

php-4.3.0dev_zend2_alpha2

php-4.3.0dev_zend2_alpha3

php-4.3.0pre1

php-4.3.0pre2

php-4.3.1

php-4.3.10

php-4.3.10RC1

php-4.3.10RC2

php-4.3.11

php-4.3.11RC1

php-4.3.11RC2

php-4.3.2

php-4.3.2RC1

php-4.3.2RC2

php-4.3.2RC3

php-4.3.2RC4

php-4.3.3

php-4.3.3RC1

php-4.3.3RC2

php-4.3.3RC3

php-4.3.3RC4

php-4.3.4

php-4.3.4RC1

php-4.3.4RC2

php-4.3.4RC3

php-4.3.5

php-4.3.5RC1

php-4.3.5RC2

php-4.3.5RC3

php-4.3.5RC4

php-4.3.6

php-4.3.6RC1

php-4.3.6RC2

php-4.3.6RC3

php-4.3.7

php-4.3.7RC1

php-4.3.8

php-4.3.9

php-4.3.9RC1

php-4.3.9RC2

php-4.3.9RC3

php-4.4.0

php-4.4.0RC1

php-4.4.0RC2

php-4.4.1

php-4.4.1RC1

php-4.4.2

php-4.4.2RC1

php-4.4.2RC2

php-4.4.3

php-4.4.3RC1

php-4.4.3RC2

php-4.4.4

php-4.4.4RC1

php-4.4.5

php-4.4.5RC1

php-4.4.5RC2

php-4.4.6

php-4.4.6RC1

php-4.4.7

php-4.4.7RC1

php-4.4.8

php-4.4.8RC1

php-4.4.9

php-4.4.9RC1

php-5.*

php-5.0.0

php-5.0.0RC1

php-5.0.0RC1RC1

php-5.0.0RC1RC2

php-5.0.0RC2

php-5.0.0RC2RC1

php-5.0.0RC2RC2

php-5.0.0RC3

php-5.0.0RC3RC1

php-5.0.0RC3RC2

php-5.0.0RC4

php-5.0.0b1

php-5.0.0b2

php-5.0.0b2RC1

php-5.0.0b3

php-5.0.0b3RC1

php-5.0.0b3RC2

php-5.0.0b4

php-5.0.0b4RC1

php-5.0.1

php-5.0.1RC1

php-5.0.1RC2

php-5.0.1b1

php-5.0.2

php-5.0.2RC1

php-5.0.3

php-5.0.3RC1

php-5.0.3RC2

php-5.0.4

php-5.0.4RC1

php-5.0.4RC2

php-5.0.5

php-5.0.5RC1

php-5.0.5RC2

php-5.1.0

php-5.1.0RC1

php-5.1.0RC2

php-5.1.0RC2_PRE

php-5.1.0RC3

php-5.1.0RC4

php-5.1.0RC5

php-5.1.0RC6

php-5.1.0b1

php-5.1.0b2

php-5.1.0b3

php-5.1.1

php-5.1.2

php-5.1.2RC1

php-5.1.2RC2

php-5.1.3

php-5.1.3RC1

php-5.1.3RC2

php-5.1.3RC3

php-5.1.4

php-5.1.5

php-5.1.5RC1

php-5.1.6

php-5.2.0

php-5.2.0RC1

php-5.2.0RC2

php-5.2.0RC3

php-5.2.0RC4

php-5.2.0RC5

php-5.2.0RC6

php-5.2.1

php-5.2.10

php-5.2.10RC1

php-5.2.10RC2

php-5.2.11

php-5.2.11RC1

php-5.2.11RC2

php-5.2.11RC3

php-5.2.12

php-5.2.12RC1

php-5.2.12RC2

php-5.2.12RC3

php-5.2.12RC4

php-5.2.13

php-5.2.13RC1

php-5.2.13RC2

php-5.2.14

php-5.2.14RC1

php-5.2.14RC2

php-5.2.14RC3

php-5.2.15

php-5.2.15RC1

php-5.2.15RC2

php-5.2.16

php-5.2.17

php-5.2.1RC1

php-5.2.1RC2

php-5.2.1RC3

php-5.2.1RC4

php-5.2.2

php-5.2.2RC1

php-5.2.2RC2

php-5.2.3

php-5.2.3RC1

php-5.2.4

php-5.2.4RC1

php-5.2.4RC2

php-5.2.4RC3

php-5.2.5

php-5.2.5RC1

php-5.2.5RC2

php-5.2.6

php-5.2.6RC1

php-5.2.6RC2

php-5.2.6RC3

php-5.2.6RC4

php-5.2.6RC5

php-5.2.7

php-5.2.7RC1

php-5.2.7RC2

php-5.2.7RC3

php-5.2.7RC4

php-5.2.7RC5

php-5.2.8

php-5.2.9

php-5.2.9RC1

php-5.2.9RC2

php-5.2.9RC3

php-5.3.0

php-5.3.0RC1

php-5.3.0RC2

php-5.3.0RC3

php-5.3.0RC4

php-5.3.0alpha1

php-5.3.0alpha2

php-5.3.0alpha3

php-5.3.0beta1

php-5.3.1

php-5.3.10

php-5.3.11

php-5.3.11RC1

php-5.3.11RC2

php-5.3.12

php-5.3.13

php-5.3.14

php-5.3.14RC1

php-5.3.14RC2

php-5.3.15

php-5.3.15RC1

php-5.3.16

php-5.3.17

php-5.3.18

php-5.3.18RC1

php-5.3.19

php-5.3.19RC1

php-5.3.1RC1

php-5.3.1RC2

php-5.3.1RC3

php-5.3.1RC4

php-5.3.2

php-5.3.20

php-5.3.20RC1

php-5.3.21

php-5.3.21RC1

php-5.3.22

php-5.3.22RC1

php-5.3.22RC2

php-5.3.23

php-5.3.23RC1

php-5.3.24

php-5.3.24RC1

php-5.3.25

php-5.3.25RC1

php-5.3.26

php-5.3.26RC1

php-5.3.27

php-5.3.27RC1

php-5.3.28

php-5.3.29

php-5.3.29RC1

php-5.3.2RC1

php-5.3.2RC2

php-5.3.2RC3

php-5.3.3

php-5.3.3RC1

php-5.3.3RC2

php-5.3.3RC3

php-5.3.4

php-5.3.4RC1

php-5.3.4RC2

php-5.3.5

php-5.3.6

php-5.3.6RC1

php-5.3.6RC2

php-5.3.6RC3

php-5.3.7

php-5.3.7RC1

php-5.3.7RC2

php-5.3.7RC3

php-5.3.7RC4

php-5.3.7RC5

php-5.3.8

php-5.3.9

php-5.3.9RC1

php-5.3.9RC2

php-5.3.9RC3

php-5.3.9RC4

php-5.4.0

php-5.4.0RC1

php-5.4.0RC2

php-5.4.0RC3

php-5.4.0RC4

php-5.4.0RC5

php-5.4.0RC6

php-5.4.0RC7

php-5.4.0RC8

php-5.4.0alpha1

php-5.4.0alpha2

php-5.4.0alpha3

php-5.4.0beta1

php-5.4.0beta2

php-5.4.1

php-5.4.10

php-5.4.10RC1

php-5.4.11

php-5.4.11RC1

php-5.4.12

php-5.4.12RC1

php-5.4.12RC2

php-5.4.13

php-5.4.13RC1

php-5.4.14

php-5.4.14RC1

php-5.4.15

php-5.4.15RC1

php-5.4.16

php-5.4.16RC1

php-5.4.17

php-5.4.17RC1

php-5.4.18

php-5.4.18RC1

php-5.4.18RC2

php-5.4.19

php-5.4.1RC1

php-5.4.1RC2

php-5.4.2

php-5.4.20

php-5.4.20RC1

php-5.4.21

php-5.4.21RC1

php-5.4.22

php-5.4.22RC1

php-5.4.23

php-5.4.23RC1

php-5.4.24

php-5.4.24RC1

php-5.4.25

php-5.4.25RC1

php-5.4.26

php-5.4.26RC1

php-5.4.27

php-5.4.27RC1

php-5.4.28

php-5.4.28RC1

php-5.4.29

php-5.4.29RC1

php-5.4.3

php-5.4.30

php-5.4.30RC1

php-5.4.31

php-5.4.31RC1

php-5.4.32

php-5.4.32RC1

php-5.4.33

php-5.4.33RC1

php-5.4.34

php-5.4.35

php-5.4.36

php-5.4.37

php-5.4.38

php-5.4.39

php-5.4.4

php-5.4.40

php-5.4.41

php-5.4.42

php-5.4.43

php-5.4.44

php-5.4.45

php-5.4.4RC1

php-5.4.4RC2

php-5.4.5

php-5.4.5RC1

php-5.4.6

php-5.4.6RC1

php-5.4.7

php-5.4.7RC1

php-5.4.8

php-5.4.8RC1

php-5.4.9

php-5.4.9RC1

php-5.5.0

php-5.5.0RC1

php-5.5.0RC2

php-5.5.0RC3

php-5.5.0alpha1

php-5.5.0alpha2

php-5.5.0alpha3

php-5.5.0alpha4

php-5.5.0alpha5

php-5.5.0alpha6

php-5.5.0beta1

php-5.5.0beta2

php-5.5.0beta3

php-5.5.0beta4

php-5.5.1

php-5.5.10

php-5.5.10RC1

php-5.5.11

php-5.5.11RC1

php-5.5.12

php-5.5.12RC1

php-5.5.13

php-5.5.13RC1

php-5.5.14

php-5.5.14RC1

php-5.5.15

php-5.5.15RC1

php-5.5.16

php-5.5.16RC1

php-5.5.17

php-5.5.17RC1

php-5.5.18

php-5.5.18RC1

php-5.5.19

php-5.5.19RC1

php-5.5.2

php-5.5.20

php-5.5.20RC1

php-5.5.21

php-5.5.21RC1

php-5.5.22

php-5.5.22RC1

php-5.5.23

php-5.5.23RC1

php-5.5.24

php-5.5.24RC1

php-5.5.25

php-5.5.25RC1

php-5.5.26

php-5.5.26RC1

php-5.5.27

php-5.5.27RC1

php-5.5.28

php-5.5.29

php-5.5.2RC1

php-5.5.3

php-5.5.30

php-5.5.31

php-5.5.32

php-5.5.33

php-5.5.34

php-5.5.35

php-5.5.36

php-5.5.37

php-5.5.38

php-5.5.4

php-5.5.4RC1

php-5.5.5

php-5.5.5RC1

php-5.5.6

php-5.5.6RC1

php-5.5.7

php-5.5.7RC1

php-5.5.8

php-5.5.8RC1

php-5.5.9

php-5.5.9RC1

php-5.6.0

php-5.6.0RC1

php-5.6.0RC2

php-5.6.0RC3

php-5.6.0RC4

php-5.6.0alpha1

php-5.6.0alpha2

php-5.6.0alpha3

php-5.6.0beta1

php-5.6.0beta2

php-5.6.0beta3

php-5.6.0beta4

php-5.6.1

php-5.6.10

php-5.6.10RC1

php-5.6.11

php-5.6.11RC1

php-5.6.12

php-5.6.12RC1

php-5.6.13

php-5.6.13RC1

php-5.6.14

php-5.6.14RC1

php-5.6.15

php-5.6.15RC1

php-5.6.16

php-5.6.16RC1

php-5.6.17

php-5.6.17RC1

php-5.6.18

php-5.6.18RC1

php-5.6.19

php-5.6.19RC1

php-5.6.1RC1

php-5.6.2

php-5.6.20

php-5.6.20RC1

php-5.6.21

php-5.6.21RC1

php-5.6.22

php-5.6.22RC1

php-5.6.23

php-5.6.23RC1

php-5.6.24

php-5.6.24RC1

php-5.6.25

php-5.6.25RC1

php-5.6.26

php-5.6.26RC1

php-5.6.27

php-5.6.27RC1

php-5.6.28

php-5.6.28RC1

php-5.6.29

php-5.6.29RC1

php-5.6.3

php-5.6.30

php-5.6.30RC1

php-5.6.31

php-5.6.32

php-5.6.33

php-5.6.34

php-5.6.35

php-5.6.36

php-5.6.37

php-5.6.38

php-5.6.39

php-5.6.3RC1

php-5.6.4

php-5.6.40

php-5.6.4RC1

php-5.6.5

php-5.6.5RC1

php-5.6.6

php-5.6.6RC1

php-5.6.7

php-5.6.7RC1

php-5.6.8

php-5.6.8RC1

php-5.6.9

php-5.6.9RC1

php-7.*

php-7.0.0

php-7.0.0RC1

php-7.0.0RC2

php-7.0.0RC3

php-7.0.0RC4

php-7.0.0RC5

php-7.0.0RC6

php-7.0.0RC7

php-7.0.0RC8

php-7.0.0alpha1

php-7.0.0alpha2

php-7.0.0beta1

php-7.0.0beta2

php-7.0.0beta3

php-7.0.1

php-7.0.10

php-7.0.10RC1

php-7.0.11RC1

php-7.0.1RC1

php-7.0.2

php-7.0.2RC1

php-7.0.3

php-7.0.3RC1

php-7.0.4

php-7.0.4RC1

php-7.0.5

php-7.0.5RC1

php-7.0.6

php-7.0.6RC1

php-7.0.7

php-7.0.7RC1

php-7.0.8

php-7.0.8RC1

php-7.0.9

php-7.0.9RC1

php-7.1.0RC1

php-7.1.0alpha1

php-7.1.0alpha2

php-7.1.0alpha3

php-7.1.0beta1

php-7.1.0beta2

php-7.1.0beta3

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "function_hash": "101242370165513919491089039533970893552",
            "length": 5223.0
        },
        "id": "CVE-2016-7414-43943fa6",
        "target": {
            "function": "phar_verify_signature",
            "file": "ext/phar/util.c"
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "244400190783885828915468846303400330131",
                "220938297046291968895624677270232626954",
                "217113816790544416622540442228774921754",
                "72637125844662283035880695243814328574",
                "164246766542830566394349227218824006821",
                "160980979549708332661600367319968669695",
                "247389591875603594575684201196652913762",
                "33632015481981501695773000747706314048",
                "139545094004363760544095452240714654415",
                "136461186073909743546029373745291216650",
                "262191750120340749570254217947750615443",
                "329770936341848827278611144329266529055"
            ]
        },
        "id": "CVE-2016-7414-b7c90076",
        "target": {
            "file": "ext/phar/util.c"
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "194244017137198307781582767011579174443",
                "118184689874117657393240452738154088241",
                "86817378469711086272257748017947586223",
                "280630189565604860243635377343440368876"
            ]
        },
        "id": "CVE-2016-7414-bdfe8485",
        "target": {
            "file": "ext/phar/zip.c"
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "function_hash": "310861919766617533753547334896560365421",
            "length": 17098.0
        },
        "id": "CVE-2016-7414-d0b8d27b",
        "target": {
            "function": "phar_parse_zipfile",
            "file": "ext/phar/zip.c"
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7414.json"