Main Vulnerability Database Vulnerabilities #VU110269

Double free in PHP - CVE-2015-8880

Published: March 1, 2022 / Updated: June 8, 2025

Vulnerability identifier: #VU110269

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-8880

CWE-ID: CWE-415

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PHP

Software vendor:
PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.

Install update from vendor's website.