CVE-2011-1471

Name: CVE-2011-1471
Creator: NVD / NIST
Published: 2011-03-20T02:00:04.877+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 13.13%

Last modified Jun 16, 2026

CVE-2011-1471 is a vulnerability of currently unknown severity. Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.. EPSS estimates a 13.13% chance of exploitation in the next 30 days.

Description

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

Metrics

EPSS Probability

13.13%

95.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-189

Affected Software

Vendor	Product	Versions
Php	Php	< 5.2.11
Php	Php	>= 5.3.0, < 5.3.6

References

http://bugs.php.net/bug.php?id=49072Exploit, Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlMailing List, Third Party Advisory
http://support.apple.com/kb/HT5002Third Party Advisory
http://www.debian.org/security/2011/dsa-2266Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053Broken Link
http://www.php.net/ChangeLog-5.phpVendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1423.htmlThird Party Advisory
http://www.securityfocus.com/bid/46975Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2011/0744Permissions Required
http://bugs.php.net/bug.php?id=49072Exploit, Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlMailing List, Third Party Advisory
http://support.apple.com/kb/HT5002Third Party Advisory
http://www.debian.org/security/2011/dsa-2266Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053Broken Link
http://www.php.net/ChangeLog-5.phpVendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1423.htmlThird Party Advisory
http://www.securityfocus.com/bid/46975Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2011/0744Permissions Required

Timeline

Published: Mar 20, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-1471?

How severe is CVE-2011-1471?

Severity scoring for CVE-2011-1471 is pending analysis. The EPSS model estimates a 13.13% probability of exploitation in the next 30 days.

How do I fix CVE-2011-1471?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-1471?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST