Red Hat Bugzilla – Bug 1305540
php: Null pointer dereference in phar_tar_setupmetadata()
Last modified: 2017-09-07 08:21:53 EDT
A NULL pointere dereference vulnerability in tar's metadata parsing was reported.
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1305565]
This bug is not triggered by a malformed phar archive, but requires a PHP script to perform specific operation on a tar-format phar archive - call to a Phar::delMetadata function. That's rather unlikely, and does not seem to be worth calling security.