| purl | pkg:deb/debian/php5@5.2.0%2Bdfsg-8%2Betch16 |
| Next non-vulnerable version | 5.6.33+dfsg-0+deb8u1 |
| Latest non-vulnerable version | 5.6.33+dfsg-0+deb8u1 |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-14yd-pmdm-cue5<br>Aliases: CVE-2017-16642 | php: Out-of-bound read in timelib_meridian() | Affected by 0 other vulnerabilities. |
| VCID-1r5x-mntv-mkbk<br>Aliases: CVE-2017-11142 | php: Denial-of-Service via injecting long form variables | Affected by 0 other vulnerabilities. |
| VCID-1s3x-b1vy-qyef<br>Aliases: CVE-2014-3538 | file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. | Affected by 94 other vulnerabilities. |
| VCID-2873-ph57-vqhd<br>Aliases: CVE-2014-3478 | Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. | Affected by 94 other vulnerabilities. |
| VCID-2c9a-8dmq-a7e4<br>Aliases: CVE-2014-4670 | php: SPL Iterators use-after-free | Affected by 94 other vulnerabilities. |
| VCID-2h75-z32z-audu<br>Aliases: CVE-2015-8865 | The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. | Affected by 0 other vulnerabilities. |
| VCID-2hx7-yt6y-6yfu<br>Aliases: CVE-2014-3670 | php: heap corruption issue in exif_thumbnail() | Affected by 94 other vulnerabilities. |
| VCID-2tc5-ce1t-5qb5<br>Aliases: CVE-2016-5768 | php: Double free in _php_mb_regex_ereg_replace_exec | Affected by 0 other vulnerabilities. |
| VCID-3c3g-pm2j-zycn<br>Aliases: CVE-2016-4539 | php: xml_parse_into_struct() can crash when XML parser is re-used | Affected by 0 other vulnerabilities. |
| VCID-3sph-xeba-pqdh<br>Aliases: CVE-2016-5770 | php: Int/size_t confusion in SplFileObject::fread | Affected by 0 other vulnerabilities. |
| VCID-3upc-sykh-3fas<br>Aliases: CVE-2014-0185 | php: insecure default permissions on the FPM unix socket | Affected by 94 other vulnerabilities. |
| VCID-4jc8-1p7e-4kbh<br>Aliases: CVE-2015-5589 | php: segmentation fault in Phar::convertToData on invalid file | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-4nfu-3upc-k3gz<br>Aliases: CVE-2015-3330 | php: pipelined request executed in deinitialized interpreter under httpd 2.4 | Affected by 94 other vulnerabilities. |
| VCID-4tr4-kyyh-qfbd<br>Aliases: CVE-2014-3515 | php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw | Affected by 94 other vulnerabilities. |
| VCID-56aq-hzu2-b3af<br>Aliases: CVE-2016-7125 | access restriction bypass | Affected by 0 other vulnerabilities. |
| VCID-56d2-mxdk-mufx<br>Aliases: CVE-2015-2787 | php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re | Affected by 94 other vulnerabilities. |
| VCID-5f4s-ce83-pkcw<br>Aliases: CVE-2014-3710 | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | Affected by 94 other vulnerabilities. |
| VCID-5ja7-yuy5-fkh1<br>Aliases: CVE-2016-5399 | php: Improper error handling in bzread() | Affected by 0 other vulnerabilities. |
| VCID-5nvk-rwhu-t7h5<br>Aliases: CVE-2016-9934 | multiple issues | Affected by 0 other vulnerabilities. |
| VCID-5p3g-543d-t3fk<br>Aliases: CVE-2015-2783 | php: buffer over-read in Phar metadata parsing | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-61nd-wybh-77ha<br>Aliases: CVE-2016-9138 | multiple issues | Affected by 0 other vulnerabilities. |
| VCID-63jy-g11b-r3h6<br>Aliases: CVE-2016-4543 | php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input | Affected by 0 other vulnerabilities. |
| VCID-676x-nb3f-8qfj<br>Aliases: CVE-2016-6292 | php: Null pointer dereference in exif_process_user_comment | Affected by 0 other vulnerabilities. |
| VCID-6emc-8mey-7yex<br>Aliases: CVE-2016-7478 | multiple issues | Affected by 0 other vulnerabilities. |
| VCID-6eu8-edph-zbbc<br>Aliases: CVE-2016-5093 | php: improper nul termination leading to out-of-bounds read in get_icu_value_internal | Affected by 0 other vulnerabilities. |
| VCID-6msj-kkak-j3fw<br>Aliases: CVE-2016-7129 | php: wddx_deserialize allows illegal memory access | Affected by 0 other vulnerabilities. |
| VCID-74wn-qn49-a7aw<br>Aliases: CVE-2015-4024 | php: multipart/form-data request parsing CPU usage DoS | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-78j4-s6t7-8yhq<br>Aliases: CVE-2016-4073 | php: mb_strcut() Negative size parameter in memcpy | Affected by 0 other vulnerabilities. |
| VCID-7mxh-4vcy-6kc8<br>Aliases: CVE-2015-6834 | php: multiple unserialization use-after-free issues | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-7n5f-ungj-pufx<br>Aliases: CVE-2016-4538 | php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition | Affected by 0 other vulnerabilities. |
| VCID-81cw-k152-n3f6<br>Aliases: CVE-2017-11144 | php: Incorrect return value check of OpenSSL sealing function leads to crash | Affected by 0 other vulnerabilities. |
| VCID-84y5-7hge-vbhn<br>Aliases: CVE-2014-3480 | The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | Affected by 94 other vulnerabilities. |
| VCID-8aq5-enff-t3hw<br>Aliases: CVE-2016-7417 | php: Missing type check when unserializing SplArray | Affected by 0 other vulnerabilities. |
| VCID-8efb-71px-rbbr<br>Aliases: CVE-2016-10158 | php: Wrong calculation in exif_convert_any_to_int function | Affected by 0 other vulnerabilities. |
| VCID-8f34-ubxg-47e4<br>Aliases: CVE-2016-4070 | php: Integer overflow in php_raw_url_encode | Affected by 0 other vulnerabilities. |
| VCID-8vek-ux8x-vkah<br>Aliases: CVE-2013-6420 | php: memory corruption in openssl_x509_parse() | Affected by 94 other vulnerabilities. |
| VCID-8zrj-ns16-m3ce<br>Aliases: CVE-2016-7131 | php: wddx_deserialize null dereference with invalid xml | Affected by 0 other vulnerabilities. |
| VCID-9hjm-qcxq-1kad<br>Aliases: CVE-2016-9137 | php: Use after free in unserialize() | Affected by 0 other vulnerabilities. |
| VCID-9zm2-5tm6-uuay<br>Aliases: CVE-2016-6295 | php: Use after free in SNMP with GC and unserialize() | Affected by 0 other vulnerabilities. |
| VCID-agay-5tse-xqbw<br>Aliases: CVE-2016-3074 | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. | Affected by 0 other vulnerabilities. |
| VCID-ahdb-x78g-kbe6<br>Aliases: CVE-2016-4541 | php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used | Affected by 0 other vulnerabilities. |
| VCID-avrk-szvf-13av<br>Aliases: CVE-2014-3479 | The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. | Affected by 94 other vulnerabilities. |
| VCID-b1bk-79d2-nqbv<br>Aliases: DSA-3074-2 php5 | regression update | Affected by 94 other vulnerabilities. |
| VCID-b6e5-7r5w-2qeb<br>Aliases: CVE-2016-7411 | php: Memory corruption when destructing deserialized object | Affected by 0 other vulnerabilities. |
| VCID-ba6x-3u5h-c3hz<br>Aliases: CVE-2015-2348 | php: move_uploaded_file() NUL byte injection in file name | Affected by 94 other vulnerabilities. |
| VCID-bch3-8ug7-2ye7<br>Aliases: CVE-2015-4026 | php: pcntl_exec() accepts paths with NUL character | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-bddf-r47f-7qek<br>Aliases: CVE-2014-9427 | php: out of bounds read when parsing a crafted .php file | Affected by 94 other vulnerabilities. |
| VCID-bnrr-5xfs-4bfu<br>Aliases: CVE-2015-6837 | php: NULL pointer dereference in XSLTProcessor class | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-bq2j-t19h-zyad<br>Aliases: CVE-2016-5385 GHSA-m6ch-gg5f-wxx3 | Improper Access Control PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue. | Affected by 0 other vulnerabilities. |
| VCID-c5dz-ck7j-efcp<br>Aliases: CVE-2015-4025 | php: regressions in 5.4+ | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-crbb-xp7h-a3h2<br>Aliases: CVE-2015-4022 | php: integer overflow leading to heap overflow when reading FTP file listing | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-cuyy-h7c4-bkdj<br>Aliases: CVE-2014-1943 | Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | Affected by 94 other vulnerabilities. |
| VCID-cw2n-dvsp-3bgy<br>Aliases: CVE-2016-5094 | php: Integer overflow in php_html_entities() | Affected by 0 other vulnerabilities. |
| VCID-d3u3-717d-gkby<br>Aliases: CVE-2015-2301 | php: use after free in phar_object.c | Affected by 94 other vulnerabilities. |
| VCID-dxwc-nmnp-dfaw<br>Aliases: CVE-2013-4113 | php: xml_parse_into_struct buffer overflow when parsing deeply nested XML | Affected by 94 other vulnerabilities. |
| VCID-e2me-6b2t-vffx<br>Aliases: CVE-2016-6297 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | Affected by 0 other vulnerabilities. |
| VCID-ear8-k1dz-buep<br>Aliases: CVE-2015-6831 | php: Use After Free Vulnerability in unserialize() | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-ed1v-hdew-4qfj<br>Aliases: CVE-2014-4049 | php: heap-based buffer overflow in DNS TXT record parsing | Affected by 94 other vulnerabilities. |
| VCID-eky6-4a9q-ebda<br>Aliases: CVE-2015-6832 | php: dangling pointer in the unserialization of ArrayObject items | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-eu6b-up6e-z7gg<br>Aliases: CVE-2016-6291 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | Affected by 0 other vulnerabilities. |
| VCID-evnq-hnsj-tyfk<br>Aliases: CVE-2015-7804 | php: uninitialized pointer in phar_make_dirstream() | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-f61f-hcan-3kag<br>Aliases: CVE-2018-5711 | multiple issues | Affected by 0 other vulnerabilities. |
| VCID-f6rv-hqng-fkdq<br>Aliases: CVE-2015-2331 | Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. | Affected by 94 other vulnerabilities. |
| VCID-faej-eeam-yuhz<br>Aliases: CVE-2016-7479 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | Affected by 0 other vulnerabilities. |
| VCID-fmz4-96xm-ebd6<br>Aliases: CVE-2014-8117 | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | Affected by 94 other vulnerabilities. |
| VCID-fqrm-ga7u-t7cn<br>Aliases: CVE-2016-5096 | php: Integer underflow causing arbitrary null write in fread/gzread | Affected by 0 other vulnerabilities. |
| VCID-fs7a-5j64-23bt<br>Aliases: CVE-2015-0231 | php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) | Affected by 94 other vulnerabilities. |
| VCID-fxw5-mpgk-fqd3<br>Aliases: CVE-2016-10160 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | Affected by 0 other vulnerabilities. |
| VCID-fycp-est3-1keh<br>Aliases: CVE-2016-4072 | php: Invalid memory write in phar on filename containing \0 inside name | Affected by 0 other vulnerabilities. |
| VCID-g2ck-r15b-4qa2<br>Aliases: CVE-2016-5772 | php: Double Free Corruption in wddx_deserialize | Affected by 0 other vulnerabilities. |
| VCID-g7hu-58fp-wkh2<br>Aliases: CVE-2014-3669 | php: integer overflow in unserialize() | Affected by 94 other vulnerabilities. |
| VCID-gc82-p6sr-c7ew<br>Aliases: CVE-2014-9652 | The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. | Affected by 94 other vulnerabilities. |
| VCID-gja5-736x-jffr<br>Aliases: CVE-2016-7414 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | Affected by 0 other vulnerabilities. |
| VCID-gm44-w424-2kgu<br>Aliases: CVE-2016-6294 | php: Out-of-bounds access in locale_accept_from_http | Affected by 0 other vulnerabilities. |
| VCID-gta4-atgc-tkfk<br>Aliases: CVE-2013-4248 | php: hostname check bypassing vulnerability in SSL client | Affected by 94 other vulnerabilities. |
| VCID-h2ee-c2nz-aqa1<br>Aliases: CVE-2016-4537 | php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition | Affected by 0 other vulnerabilities. |
| VCID-h5nv-ghdt-8bfr<br>Aliases: CVE-2016-5771 | php: Use After Free Vulnerability in PHP's GC algorithm and unserialize | Affected by 0 other vulnerabilities. |
| VCID-h94x-xwkc-g7b6<br>Aliases: CVE-2016-7416 | php: Stack based buffer overflow in msgfmt_format_message | Affected by 0 other vulnerabilities. |
| VCID-he8d-8ahq-yub7<br>Aliases: CVE-2016-7128 | php: Memory Leakage In exif_process_IFD_in_TIFF | Affected by 0 other vulnerabilities. |
| VCID-j1b9-hpxd-tqbv<br>Aliases: CVE-2016-7127 | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments. | Affected by 0 other vulnerabilities. |
| VCID-j4ct-986j-j3bb<br>Aliases: DSA-3198-2 php5 | regression update | Affected by 94 other vulnerabilities. |
| VCID-j6va-vs81-bbhn<br>Aliases: CVE-2016-7418 | php: Null pointer dereference in php_wddx_push_element | Affected by 0 other vulnerabilities. |
| VCID-jqx9-6dbx-m3bh<br>Aliases: CVE-2016-4544 | php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input | Affected by 0 other vulnerabilities. |
| VCID-k256-kf2y-syaa<br>Aliases: CVE-2015-0232 | php: Free called on uninitialized pointer in exif.c | Affected by 94 other vulnerabilities. |
| VCID-k2u2-ddnx-zya3<br>Aliases: CVE-2015-6835 | php: use-after-free vulnerability in session deserializer | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-k6m7-rzf9-a3hy<br>Aliases: CVE-2014-3487 | The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | Affected by 94 other vulnerabilities. |
| VCID-k84g-a51c-fugu<br>Aliases: CVE-2016-7126 | The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument. | Affected by 0 other vulnerabilities. |
| VCID-kuga-71fb-c7gu<br>Aliases: CVE-2014-2270 | softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. | Affected by 94 other vulnerabilities. |
| VCID-m6q7-7257-vyg8<br>Aliases: CVE-2016-7413 | php: Use after free in wddx_deserialize | Affected by 0 other vulnerabilities. |
| VCID-mjbr-whkd-suge<br>Aliases: CVE-2015-1352 | php: NULL pointer dereference in pgsql extension | Affected by 94 other vulnerabilities. |
| VCID-mvan-s6cw-dqgg<br>Aliases: CVE-2014-8142 | php: use after free vulnerability in unserialize() | Affected by 94 other vulnerabilities. |
| VCID-mwnw-synf-fbc1<br>Aliases: CVE-2014-0237 | The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. | Affected by 94 other vulnerabilities. |
| VCID-mz9d-g165-byby<br>Aliases: CVE-2016-10161 | php: Out-of-bounds heap read on unserialize in finish_nested_data() | Affected by 0 other vulnerabilities. |
| VCID-n7ad-auw3-ffbf<br>Aliases: CVE-2016-9933 | multiple issues | Affected by 0 other vulnerabilities. |
| VCID-n7d6-ytu8-d3au<br>Aliases: CVE-2017-12933 | php: buffer over-read in finish_nested_data function | Affected by 0 other vulnerabilities. |
| VCID-nfed-ph6f-73dp<br>Aliases: CVE-2014-3597 | php: multiple buffer over-reads in php_parserr | Affected by 94 other vulnerabilities. |
| VCID-npzd-q347-2ygw<br>Aliases: CVE-2016-6289 | php: Integer overflow leads to buffer overflow in virtual_file_ex | Affected by 0 other vulnerabilities. |
| VCID-ntfd-11uq-cqcs<br>Aliases: CVE-2018-5712 | php: Reflected XSS on PHAR 404 page | Affected by 0 other vulnerabilities. |
| VCID-p656-hbjf-23dh<br>Aliases: CVE-2015-4021 | php: memory corruption in phar_parse_tarfile caused by empty entry file name | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-p68m-zygn-e7c2<br>Aliases: CVE-2016-6296 | Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. | Affected by 0 other vulnerabilities. |
| VCID-pfjm-aaa7-67h9<br>Aliases: CVE-2015-4644 | php: NULL pointer dereference in php_pgsql_meta_data() | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-ptnr-7zdy-v3df<br>Aliases: CVE-2016-4540 | php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used | Affected by 0 other vulnerabilities. |
| VCID-py2t-k259-aqcy<br>Aliases: CVE-2015-5590 | php: buffer overflow and stack smashing error in phar_fix_filepath | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-qjmc-s5j7-6bf5<br>Aliases: CVE-2015-6833 | php: Files from archive can be extracted outside of destination directory using phar | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-qnse-rwhf-c3aa<br>Aliases: CVE-2015-6836 | php: SOAP serialize_function_call() type confusion | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-qqgd-zrvc-2uaf<br>Aliases: CVE-2014-3587 | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. | Affected by 94 other vulnerabilities. |
| VCID-rcc5-73de-7bgb<br>Aliases: CVE-2016-4542 | php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input | Affected by 0 other vulnerabilities. |
| VCID-ree2-2t6w-gffp<br>Aliases: CVE-2014-9705 | php: heap buffer overflow in enchant_broker_request_dict() | Affected by 94 other vulnerabilities. |
| VCID-rrcw-n2jt-sfde<br>Aliases: CVE-2015-2305 | Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. | Affected by 94 other vulnerabilities. |
| VCID-scd1-g67x-3ybp<br>Aliases: CVE-2013-7345 | The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. | Affected by 94 other vulnerabilities. |
| VCID-sutq-9jfh-gqdm<br>Aliases: CVE-2015-4598 | php: missing null byte checks for paths in DOM and GD extensions | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-suwa-4qu5-fbbp<br>Aliases: CVE-2017-11628 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | Affected by 0 other vulnerabilities. |
| VCID-svn6-nevt-hug7<br>Aliases: CVE-2015-6838 | php: NULL pointer dereference in XSLTProcessor class | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-t2mj-e8d3-ffhu<br>Aliases: CVE-2015-7803 | php: NULL pointer dereference in phar_get_fp_offset() | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-tdjj-8y7x-4ua2<br>Aliases: CVE-2016-5095 | php: Integer overflow in php_filter_full_special_chars | Affected by 0 other vulnerabilities. |
| VCID-txw9-6pkk-dydr<br>Aliases: CVE-2015-4643 | php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022) | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-tyr1-ue62-suba<br>Aliases: CVE-2016-5773 | php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize | Affected by 0 other vulnerabilities. |
| VCID-v62b-fqv9-dkhh<br>Aliases: CVE-2013-6712 | php: heap-based buffer over-read in DateInterval | Affected by 94 other vulnerabilities. |
| VCID-v6h2-pawz-hyhu<br>Aliases: CVE-2016-6290 | php: Use after free in unserialize() with Unexpected Session Deserialization | Affected by 0 other vulnerabilities. |
| VCID-vh9q-qzwq-vkgb<br>Aliases: CVE-2016-7124 | php: bypass __wakeup() in deserialization of an unexpected object | Affected by 0 other vulnerabilities. |
| VCID-vrkg-reyp-rbbz<br>Aliases: CVE-2015-0273 | php: use after free vulnerability in unserialize() with DateTimeZone | Affected by 94 other vulnerabilities. |
| VCID-vzpx-9c2a-9ueh<br>Aliases: CVE-2017-11143 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | Affected by 0 other vulnerabilities. |
| VCID-wdcy-9v3g-xqaz<br>Aliases: CVE-2013-7456 | gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. | Affected by 0 other vulnerabilities. |
| VCID-wdyd-wy11-mkg1<br>Aliases: CVE-2016-4071 | php: Format string vulnerability in php_snmp_error() | Affected by 0 other vulnerabilities. |
| VCID-wfwt-ts5n-2bh1<br>Aliases: CVE-2016-5769 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | Affected by 0 other vulnerabilities. |
| VCID-wmyz-1bey-bfde<br>Aliases: CVE-2014-4721 | php: type confusion issue in phpinfo() leading to information leak | Affected by 94 other vulnerabilities. |
| VCID-wx7w-pq4c-37bc<br>Aliases: CVE-2015-3329 | php: buffer overflow in phar_set_inode() | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-xfvy-2tz2-sbdg<br>Aliases: CVE-2016-7412 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | Affected by 0 other vulnerabilities. |
| VCID-xnwu-1c4n-r7b4<br>Aliases: CVE-2016-9935 | multiple issues | Affected by 0 other vulnerabilities. |
| VCID-xvxf-js9u-yyff<br>Aliases: CVE-2014-0238 | The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. | Affected by 94 other vulnerabilities. |
| VCID-ydku-1rdq-nkek<br>Aliases: CVE-2015-3307 | php: invalid pointer free() in phar_tar_process_metadata() | Affected by 94 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-z3zy-kryc-6bgu<br>Aliases: CVE-2014-3668 | php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() | Affected by 94 other vulnerabilities. |
| VCID-zacb-53ek-6kak<br>Aliases: CVE-2016-7132 | php: wddx_deserialize null dereference in php_wddx_pop_element | Affected by 0 other vulnerabilities. |
| VCID-zhja-rdcg-t7fb<br>Aliases: CVE-2017-11145 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | Affected by 0 other vulnerabilities. |
| VCID-zmzd-gp6s-9ucq<br>Aliases: CVE-2016-7130 | php: wddx_deserialize null dereference | Affected by 0 other vulnerabilities. |
| VCID-zmzs-1p6f-qkcm<br>Aliases: CVE-2016-10159 | php: Integer overflow in phar_parse_pharfile | Affected by 0 other vulnerabilities. |
| VCID-zqdy-kvwk-3ubd<br>Aliases: CVE-2014-0207 | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. | Affected by 94 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |