Key Information Vulnerability ID: #71331 Vulnerability Type: Uninitialized pointer in Submitted: 2016-01-10 17:51 UTC Modified: 2016-04-28 16:59 UTC Status: Closed Assigned To: stas (profile) PHP Version: 5.6.17 Operating System: Linux, Mac CVE-ID: 2016-4343 Vulnerability Description Description: This vulnerability occurs when attempts to parse a malicious file. Issue Origin: In the code , when handling , it parses the input file as a long link filename and assigns to . Test Script: Expected Result: The program receives the SIGSEGV signal, causing a segmentation fault. Actual Result: The program correctly receives the SIGSEGV signal, resulting in a segmentation fault. Fix Recommendation Fix Approach: The return value type of should be checked to determine if it is or , and the case should be handled within . Patches and Requests Patch Submission: The patch has been submitted and is available in the repository. Status Update: Status changed from to . History Assigned: Assigned to stas on 2016-01-15 07:00 UTC. Fix Submitted: Fix submitted on 2016-01-15 07:00 UTC. Status Changed: Status updated to Closed by stas on 2016-02-02 03:57 UTC. CVE-ID: 2016-4343.