{"id":"CVE-2016-7131","details":"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a \u003c (less than) character.","modified":"2026-07-08T12:41:37.572668Z","published":"2016-09-12T01:59:09.787Z","related":["SUSE-SU-2016:2328-1","SUSE-SU-2016:2408-1","SUSE-SU-2016:2459-1","SUSE-SU-2016:2460-1","SUSE-SU-2016:2460-2"],"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2750.html"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-5.php"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-7.php"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92768"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036680"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201611-22"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2016-19"},{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=72790"},{"type":"FIX","url":"https://github.com/php/php-src/commit/0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f"},{"type":"FIX","url":"https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2016/09/02/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"last_affected":"38980c9ea4156ce52a53f9f3e1007ea3d787fa11"},{"introduced":"60fffd296abce5fc071f3c173c25a2696cf683c6"},{"last_affected":"9d582eba7448f1495fae62b13d95d2844ce6b28a"},{"fixed":"0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f"},{"fixed":"a14fdb9746262549bbbb96abb87338bacd147e1b"}],"database_specific":{"source":["CPE_RANGE","CPE_STRING","REFERENCES"],"extracted_events":[{"introduced":"0"},{"last_affected":"5.6.24"},{"introduced":"7.0.0"},{"last_affected":"7.0.0"},{"introduced":"7.0.1"},{"last_affected":"7.0.1"},{"introduced":"7.0.2"},{"last_affected":"7.0.2"},{"introduced":"7.0.3"},{"last_affected":"7.0.3"},{"introduced":"7.0.4"},{"last_affected":"7.0.4"},{"introduced":"7.0.5"},{"last_affected":"7.0.5"},{"introduced":"7.0.6"},{"last_affected":"7.0.6"},{"introduced":"7.0.7"},{"last_affected":"7.0.7"},{"introduced":"7.0.8"},{"last_affected":"7.0.8"},{"introduced":"7.0.9"},{"last_affected":"7.0.9"}],"cpe":["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*"]}}],"versions":["7.0.0","7.0.1","7.0.2","7.0.3","7.0.4","7.0.5","7.0.6","7.0.7","7.0.8","7.0.9","php-5.6.24","php-5.6.24RC1","php-7.0.9","php-7.0.9RC1","POST_PHP7_NSAPI_REMOVAL","PRE_PHP7_NSAPI_REMOVAL","PRE_PHP7_EREG_MYSQL_REMOVALS","PRE_PHP7_REMOVALS","POST_PHP7_REMOVALS","POST_AST_MERGE","PRE_AST_MERGE","POST_64BIT_BRANCH_MERGE","PRE_64BIT_BRANCH_MERGE","POST_PHPNG_MERGE"],"database_specific":{"vanir_signatures_modified":"2026-07-08T12:41:37Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"CVE-2016-7131-3e5d4572","source":"https://github.com/php/php-src/commit/0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f","deprecated":false,"target":{"file":"ext/wddx/wddx.c","function":"php_wddx_pop_element"},"digest":{"function_hash":"243472621704310466816026209188486312828","length":3128}},{"signature_type":"Line","signature_version":"v1","id":"CVE-2016-7131-6190c5ee","source":"https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b","deprecated":false,"target":{"file":"ext/wddx/wddx.c"},"digest":{"threshold":0.9,"line_hashes":["227586690061435287287994965536507444467","171971468238865359835315510260595594604","294096788541314842492047899537980398585","39203211752148870350392571347397727161","114003824792058325898787743924612295354","324042257599249327893896841955922877651","266610581013121937022296237480834597881","117136385783754546423721084500627110644","44137497100171573864820611955448240089","153431260466363184658019689457626286979","158482252310758241378516474298821169290","173721130950342728693098650034089755027","84864854111785873586959024477215096849","188898573441791144762762604513859184083","138531317981445496527495267023563809995","263100670372584543987352143707260985591","68486984776250340094585839969057325575","148843188674208780203491168371029985762"]}},{"signature_type":"Function","signature_version":"v1","id":"CVE-2016-7131-69699daf","source":"https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b","deprecated":false,"target":{"file":"ext/wddx/wddx.c","function":"php_wddx_deserialize_ex"},"digest":{"function_hash":"27721742760066615624167846450324310011","length":555}},{"signature_type":"Line","signature_version":"v1","id":"CVE-2016-7131-6ae83bb8","source":"https://github.com/php/php-src/commit/0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f","deprecated":false,"target":{"file":"ext/wddx/wddx.c"},"digest":{"threshold":0.9,"line_hashes":["20836660269113468284500990585186249828","222899783497892283321114778092987738633","294096788541314842492047899537980398585","39203211752148870350392571347397727161","114003824792058325898787743924612295354","324042257599249327893896841955922877651","266610581013121937022296237480834597881","98163707120487438389306192675281043703"]}},{"signature_type":"Function","signature_version":"v1","id":"CVE-2016-7131-76ddb254","source":"https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b","deprecated":false,"target":{"file":"ext/wddx/wddx.c","function":"php_wddx_pop_element"},"digest":{"function_hash":"312659420719444014877092094935802353723","length":3296}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7131.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}