Vulnerability Information: - Type: Integer Overflow - Affected Function: - Consequence: Leads to heap overflow, potentially enabling remote code execution - Affected Versions: PHP 5.6.8 - CVE ID: 2015-4022 - Reporter: maxgeorgspelsberg - Fix Commit: commit (changed variable type from to ) Root Cause: When processing data exceeding 2^32 bytes, the variables or may overflow. This results in insufficient buffer allocation for temporary file writes, causing a heap overflow when the temporary file content is reloaded into memory. PoC: The report includes a malicious FTP server implemented in Python ( ) and a vulnerable PHP page ( ) to demonstrate how to trigger the vulnerability, along with a crash stack trace ( ) showing the heap overflow. Fix: The core fix focuses on the byte counting logic in . The initial fix was deemed incomplete because is incremented twice in the loop, bypassing overflow checks. The corrected version uses to prevent overflow and properly updates and within the loop. Disclosure & Status: The CVE is officially marked as fixed and patched in PHP 5.6.8. The vulnerability status is shown as at the end of the report.