{"url":"http://public2.vulnerablecode.io/api/packages/156253?format=json","purl":"pkg:rpm/redhat/rh-php56-php@5.6.25-1?arch=el7","type":"rpm","namespace":"redhat","name":"rh-php56-php","version":"5.6.25-1","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113444?format=json","vulnerability_id":"VCID-1tzr-b9sy-77gq","summary":"php: Zend/zend_exceptions.c does not validate certain Exception objects","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8876.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8876.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8876","reference_id":"","reference_type":"","scores":[{"value":"0.12237","scoring_system":"epss","scoring_elements":"0.93979","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8876"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338896","reference_id":"1338896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8876"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tzr-b9sy-77gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76121?format=json","vulnerability_id":"VCID-2acw-93jf-vub1","summary":"Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8874.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8874.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8874","reference_id":"","reference_type":"","scores":[{"value":"0.04079","scoring_system":"epss","scoring_elements":"0.88757","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8874"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1336772","reference_id":"1336772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1336772"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824627","reference_id":"824627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824627"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8874"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2acw-93jf-vub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67909?format=json","vulnerability_id":"VCID-2h75-z32z-audu","summary":"The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8865.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8865","reference_id":"","reference_type":"","scores":[{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77492","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4070"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323118","reference_id":"1323118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323118"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827377","reference_id":"827377","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827377"},{"reference_url":"https://security.gentoo.org/glsa/201701-42","reference_id":"GLSA-201701-42","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8865"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2h75-z32z-audu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38291?format=json","vulnerability_id":"VCID-2qwh-71ab-3qef","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer overflow in PCRE and PCRE2 allows remote attackers to execute arbitrary code via a crafted regular expression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3210","reference_id":"","reference_type":"","scores":[{"value":"0.0573","scoring_system":"epss","scoring_elements":"0.90596","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287623","reference_id":"1287623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287623"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787433","reference_id":"787433","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787433"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3210","reference_id":"CVE-2015-3210","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-3210"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qwh-71ab-3qef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112733?format=json","vulnerability_id":"VCID-2tc5-ce1t-5qb5","summary":"php: Double free in _php_mb_regex_ereg_replace_exec","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5768.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5768","reference_id":"","reference_type":"","scores":[{"value":"0.20989","scoring_system":"epss","scoring_elements":"0.95749","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351168","reference_id":"1351168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2598","reference_id":"RHSA-2016:2598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5768"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tc5-ce1t-5qb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97628?format=json","vulnerability_id":"VCID-2vkd-7m31-zue9","summary":"PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8383","reference_id":"","reference_type":"","scores":[{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.85139","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8383"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287614","reference_id":"1287614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287614"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8383"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vkd-7m31-zue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112887?format=json","vulnerability_id":"VCID-3c3g-pm2j-zycn","summary":"php: xml_parse_into_struct() can crash when XML parser is re-used","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4539.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4539","reference_id":"","reference_type":"","scores":[{"value":"0.04506","scoring_system":"epss","scoring_elements":"0.89323","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4539"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332877","reference_id":"1332877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4539"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3c3g-pm2j-zycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112734?format=json","vulnerability_id":"VCID-3sph-xeba-pqdh","summary":"php: Int/size_t confusion in SplFileObject::fread","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5770.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5770","reference_id":"","reference_type":"","scores":[{"value":"0.10051","scoring_system":"epss","scoring_elements":"0.93207","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351171","reference_id":"1351171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5770"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sph-xeba-pqdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6653?format=json","vulnerability_id":"VCID-56aq-hzu2-b3af","summary":"access restriction bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7125.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7125","reference_id":"","reference_type":"","scores":[{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.6818","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374698","reference_id":"1374698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374698"},{"reference_url":"https://security.archlinux.org/AVG-152","reference_id":"AVG-152","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7125"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56aq-hzu2-b3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112662?format=json","vulnerability_id":"VCID-5ja7-yuy5-fkh1","summary":"php: Improper error handling in bzread()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5399.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5399","reference_id":"","reference_type":"","scores":[{"value":"0.13858","scoring_system":"epss","scoring_elements":"0.9443","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5399"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358395","reference_id":"1358395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358395"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/40155.py","reference_id":"CVE-2016-5399","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/40155.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2598","reference_id":"RHSA-2016:2598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5399"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ja7-yuy5-fkh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112891?format=json","vulnerability_id":"VCID-63jy-g11b-r3h6","summary":"php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4543.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4543.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4543","reference_id":"","reference_type":"","scores":[{"value":"0.05437","scoring_system":"epss","scoring_elements":"0.90334","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4543"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332865","reference_id":"1332865","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4543"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63jy-g11b-r3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112658?format=json","vulnerability_id":"VCID-676x-nb3f-8qfj","summary":"php: Null pointer dereference in exif_process_user_comment","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6292.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6292.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6292","reference_id":"","reference_type":"","scores":[{"value":"0.06201","scoring_system":"epss","scoring_elements":"0.91025","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6292"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359756","reference_id":"1359756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6292"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-676x-nb3f-8qfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112831?format=json","vulnerability_id":"VCID-6eu8-edph-zbbc","summary":"php: improper nul termination leading to out-of-bounds read in get_icu_value_internal","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5093.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5093.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5093","reference_id":"","reference_type":"","scores":[{"value":"0.01534","scoring_system":"epss","scoring_elements":"0.81659","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5093"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339590","reference_id":"1339590","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5093"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6eu8-edph-zbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112557?format=json","vulnerability_id":"VCID-6msj-kkak-j3fw","summary":"php: wddx_deserialize allows illegal memory access","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7129.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7129","reference_id":"","reference_type":"","scores":[{"value":"0.01858","scoring_system":"epss","scoring_elements":"0.83394","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7129"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374705","reference_id":"1374705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7129"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6msj-kkak-j3fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112974?format=json","vulnerability_id":"VCID-78j4-s6t7-8yhq","summary":"php: mb_strcut() Negative size parameter in memcpy","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4073.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4073","reference_id":"","reference_type":"","scores":[{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93582","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323103","reference_id":"1323103","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4073"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78j4-s6t7-8yhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97629?format=json","vulnerability_id":"VCID-7cc1-8j9m-87gj","summary":"PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8384.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8384","reference_id":"","reference_type":"","scores":[{"value":"0.01192","scoring_system":"epss","scoring_elements":"0.79186","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8384"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287623","reference_id":"1287623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287623"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8384"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cc1-8j9m-87gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112889?format=json","vulnerability_id":"VCID-7n5f-ungj-pufx","summary":"php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4538.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4538","reference_id":"","reference_type":"","scores":[{"value":"0.06482","scoring_system":"epss","scoring_elements":"0.91256","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332860","reference_id":"1332860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4538"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7n5f-ungj-pufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112987?format=json","vulnerability_id":"VCID-8f34-ubxg-47e4","summary":"php: Integer overflow in php_raw_url_encode","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4070.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4070","reference_id":"","reference_type":"","scores":[{"value":"0.06468","scoring_system":"epss","scoring_elements":"0.91244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323114","reference_id":"1323114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323114"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4070"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8f34-ubxg-47e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112559?format=json","vulnerability_id":"VCID-8zrj-ns16-m3ce","summary":"php: wddx_deserialize null dereference with invalid xml","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7131.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7131","reference_id":"","reference_type":"","scores":[{"value":"0.06375","scoring_system":"epss","scoring_elements":"0.91169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374708","reference_id":"1374708","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7131"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zrj-ns16-m3ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112738?format=json","vulnerability_id":"VCID-9zm2-5tm6-uuay","summary":"php: Use after free in SNMP with GC and unserialize()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6295.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6295.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6295","reference_id":"","reference_type":"","scores":[{"value":"0.05124","scoring_system":"epss","scoring_elements":"0.90019","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359815","reference_id":"1359815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6295"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zm2-5tm6-uuay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76126?format=json","vulnerability_id":"VCID-agay-5tse-xqbw","summary":"Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3074.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3074","reference_id":"","reference_type":"","scores":[{"value":"0.60488","scoring_system":"epss","scoring_elements":"0.98311","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1321893","reference_id":"1321893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1321893"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822242","reference_id":"822242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822242"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39736.txt","reference_id":"CVE-2016-3074","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39736.txt"},{"reference_url":"https://security.gentoo.org/glsa/201607-04","reference_id":"GLSA-201607-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-3074"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agay-5tse-xqbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112924?format=json","vulnerability_id":"VCID-ahdb-x78g-kbe6","summary":"php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4541.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4541.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4541","reference_id":"","reference_type":"","scores":[{"value":"0.01936","scoring_system":"epss","scoring_elements":"0.83737","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4541"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332872","reference_id":"1332872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4541"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahdb-x78g-kbe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113043?format=json","vulnerability_id":"VCID-ajpn-dv7n-jufa","summary":"php: Use after free in WDDX Deserialize when processing XML data","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3141.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3141","reference_id":"","reference_type":"","scores":[{"value":"0.72278","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3141"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315328","reference_id":"1315328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-3141"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajpn-dv7n-jufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113484?format=json","vulnerability_id":"VCID-at87-v2zb-7fhy","summary":"php: type confusion issue in Soap Client call() method","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8835","reference_id":"","reference_type":"","scores":[{"value":"0.04045","scoring_system":"epss","scoring_elements":"0.88714","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323074","reference_id":"1323074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8835"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-at87-v2zb-7fhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97630?format=json","vulnerability_id":"VCID-by6c-cfvh-4uev","summary":"PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8385.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8385","reference_id":"","reference_type":"","scores":[{"value":"0.05145","scoring_system":"epss","scoring_elements":"0.90041","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8385"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287629","reference_id":"1287629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287629"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1025","reference_id":"RHSA-2016:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8385"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-by6c-cfvh-4uev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97633?format=json","vulnerability_id":"VCID-c2g2-p2eq-mygx","summary":"PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8388.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8388","reference_id":"","reference_type":"","scores":[{"value":"0.04176","scoring_system":"epss","scoring_elements":"0.88888","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8388"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1237223","reference_id":"1237223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1237223"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1025","reference_id":"RHSA-2016:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8388"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2g2-p2eq-mygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113088?format=json","vulnerability_id":"VCID-can9-4jyb-s3eb","summary":"php: Uninitialized pointer in phar_make_dirstream()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4343.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4343","reference_id":"","reference_type":"","scores":[{"value":"0.07576","scoring_system":"epss","scoring_elements":"0.91985","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4343"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332454","reference_id":"1332454","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4343"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-can9-4jyb-s3eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113086?format=json","vulnerability_id":"VCID-cjpc-z8pj-hba4","summary":"php: use of uninitialized pointer in PharFileInfo::getContent","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4342.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4342.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4342","reference_id":"","reference_type":"","scores":[{"value":"0.05555","scoring_system":"epss","scoring_elements":"0.90436","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4342"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305536","reference_id":"1305536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4342"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjpc-z8pj-hba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112871?format=json","vulnerability_id":"VCID-cw2n-dvsp-3bgy","summary":"php: Integer overflow in php_html_entities()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5094.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5094.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5094","reference_id":"","reference_type":"","scores":[{"value":"0.02407","scoring_system":"epss","scoring_elements":"0.85368","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5094"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340738","reference_id":"1340738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5094"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cw2n-dvsp-3bgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113300?format=json","vulnerability_id":"VCID-d83x-jm3c-auf7","summary":"php: out-of-bounds write in fpm_log.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5114.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5114","reference_id":"","reference_type":"","scores":[{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77512","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297710","reference_id":"1297710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5114"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d83x-jm3c-auf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113459?format=json","vulnerability_id":"VCID-dbjn-2deh-7ugh","summary":"php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8879.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8879.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8879","reference_id":"","reference_type":"","scores":[{"value":"0.01617","scoring_system":"epss","scoring_elements":"0.82144","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8879"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338912","reference_id":"1338912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338912"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8879"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbjn-2deh-7ugh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112921?format=json","vulnerability_id":"VCID-dy23-b2qk-3bex","summary":"php: openssl_random_pseudo_bytes() is not cryptographically secure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8867.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8867","reference_id":"","reference_type":"","scores":[{"value":"0.13368","scoring_system":"epss","scoring_elements":"0.94315","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8867"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330420","reference_id":"1330420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8867"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dy23-b2qk-3bex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112725?format=json","vulnerability_id":"VCID-e2me-6b2t-vffx","summary":"php: Stack-based buffer overflow vulnerability in php_stream_zip_opener","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6297.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6297.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6297","reference_id":"","reference_type":"","scores":[{"value":"0.06254","scoring_system":"epss","scoring_elements":"0.91068","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6297"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359828","reference_id":"1359828","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6297"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2me-6b2t-vffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76129?format=json","vulnerability_id":"VCID-eevm-m3bb-8qgu","summary":"Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5767.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5767","reference_id":"","reference_type":"","scores":[{"value":"0.04623","scoring_system":"epss","scoring_elements":"0.89455","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351069","reference_id":"1351069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2598","reference_id":"RHSA-2016:2598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5767"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eevm-m3bb-8qgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112663?format=json","vulnerability_id":"VCID-eu6b-up6e-z7gg","summary":"php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6291.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6291","reference_id":"","reference_type":"","scores":[{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91301","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359718","reference_id":"1359718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359718"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6291"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eu6b-up6e-z7gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112884?format=json","vulnerability_id":"VCID-fqrm-ga7u-t7cn","summary":"php: Integer underflow causing arbitrary null write in fread/gzread","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5096.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5096","reference_id":"","reference_type":"","scores":[{"value":"0.01601","scoring_system":"epss","scoring_elements":"0.82038","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339949","reference_id":"1339949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5096"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqrm-ga7u-t7cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113071?format=json","vulnerability_id":"VCID-fx1t-22mu-4bfd","summary":"php: Out-of-bounds read in phar_parse_zipfile()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3142.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3142","reference_id":"","reference_type":"","scores":[{"value":"0.04302","scoring_system":"epss","scoring_elements":"0.89061","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315312","reference_id":"1315312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-3142"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fx1t-22mu-4bfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112981?format=json","vulnerability_id":"VCID-fycp-est3-1keh","summary":"php: Invalid memory write in phar on filename containing \\0 inside name","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4072.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4072.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4072","reference_id":"","reference_type":"","scores":[{"value":"0.11136","scoring_system":"epss","scoring_elements":"0.93614","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4072"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323106","reference_id":"1323106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4072"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fycp-est3-1keh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112736?format=json","vulnerability_id":"VCID-g2ck-r15b-4qa2","summary":"php: Double Free Corruption in wddx_deserialize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5772.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5772","reference_id":"","reference_type":"","scores":[{"value":"0.15935","scoring_system":"epss","scoring_elements":"0.94882","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351175","reference_id":"1351175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5772"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2ck-r15b-4qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97625?format=json","vulnerability_id":"VCID-g6q6-3k6s-vuey","summary":"Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5073.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5073","reference_id":"","reference_type":"","scores":[{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68214","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1237223","reference_id":"1237223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1237223"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790000","reference_id":"790000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790000"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1025","reference_id":"RHSA-2016:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-5073"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6q6-3k6s-vuey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112723?format=json","vulnerability_id":"VCID-gm44-w424-2kgu","summary":"php: Out-of-bounds access in locale_accept_from_http","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6294.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6294.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6294","reference_id":"","reference_type":"","scores":[{"value":"0.06163","scoring_system":"epss","scoring_elements":"0.90984","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359811","reference_id":"1359811","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6294"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm44-w424-2kgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112920?format=json","vulnerability_id":"VCID-gx36-t6xj-gkau","summary":"php: libxml_disable_entity_loader setting is shared between threads","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8866.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8866.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8866","reference_id":"","reference_type":"","scores":[{"value":"0.03531","scoring_system":"epss","scoring_elements":"0.87871","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8866"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330418","reference_id":"1330418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8866"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gx36-t6xj-gkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112888?format=json","vulnerability_id":"VCID-h2ee-c2nz-aqa1","summary":"php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4537.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4537","reference_id":"","reference_type":"","scores":[{"value":"0.06482","scoring_system":"epss","scoring_elements":"0.91256","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4537"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332860","reference_id":"1332860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4537"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ee-c2nz-aqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112735?format=json","vulnerability_id":"VCID-h5nv-ghdt-8bfr","summary":"php: Use After Free Vulnerability in PHP's GC algorithm and unserialize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5771.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5771","reference_id":"","reference_type":"","scores":[{"value":"0.09582","scoring_system":"epss","scoring_elements":"0.93018","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351173","reference_id":"1351173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5771"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5nv-ghdt-8bfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112556?format=json","vulnerability_id":"VCID-he8d-8ahq-yub7","summary":"php: Memory Leakage In exif_process_IFD_in_TIFF","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7128.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7128","reference_id":"","reference_type":"","scores":[{"value":"0.02186","scoring_system":"epss","scoring_elements":"0.84679","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374704","reference_id":"1374704","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7128"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-he8d-8ahq-yub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76122?format=json","vulnerability_id":"VCID-hghm-njcu-audc","summary":"The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8877.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8877","reference_id":"","reference_type":"","scores":[{"value":"0.02317","scoring_system":"epss","scoring_elements":"0.85081","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338907","reference_id":"1338907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8877"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hghm-njcu-audc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76149?format=json","vulnerability_id":"VCID-j1b9-hpxd-tqbv","summary":"The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7127.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7127.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7127","reference_id":"","reference_type":"","scores":[{"value":"0.02726","scoring_system":"epss","scoring_elements":"0.86218","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7127"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374701","reference_id":"1374701","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7127"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1b9-hpxd-tqbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112745?format=json","vulnerability_id":"VCID-j55n-2uc7-cqbu","summary":"php: Invalid free() instead of efree() in phar_extract_file()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4473.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4473","reference_id":"","reference_type":"","scores":[{"value":"0.16817","scoring_system":"epss","scoring_elements":"0.95074","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347772","reference_id":"1347772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4473"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j55n-2uc7-cqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113379?format=json","vulnerability_id":"VCID-jgcc-5ak2-mqd9","summary":"php: Buffer over-read in php_url_parse_ex","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6288.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6288.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6288","reference_id":"","reference_type":"","scores":[{"value":"0.04325","scoring_system":"epss","scoring_elements":"0.89093","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6288"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1360322","reference_id":"1360322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1360322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6288"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgcc-5ak2-mqd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112892?format=json","vulnerability_id":"VCID-jqx9-6dbx-m3bh","summary":"php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4544.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4544.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4544","reference_id":"","reference_type":"","scores":[{"value":"0.04299","scoring_system":"epss","scoring_elements":"0.89056","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332865","reference_id":"1332865","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4544"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqx9-6dbx-m3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76130?format=json","vulnerability_id":"VCID-jvzj-485k-4fcw","summary":"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6128.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6128","reference_id":"","reference_type":"","scores":[{"value":"0.12098","scoring_system":"epss","scoring_elements":"0.9393","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351603","reference_id":"1351603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351603"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829062","reference_id":"829062","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6128"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvzj-485k-4fcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113812?format=json","vulnerability_id":"VCID-jw2h-aquc-bucz","summary":"php: HTTP response splitting in header() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8935.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8935","reference_id":"","reference_type":"","scores":[{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.78532","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8935"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348927","reference_id":"1348927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8935"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jw2h-aquc-bucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76146?format=json","vulnerability_id":"VCID-k84g-a51c-fugu","summary":"The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7126.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7126","reference_id":"","reference_type":"","scores":[{"value":"0.04632","scoring_system":"epss","scoring_elements":"0.89464","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374699","reference_id":"1374699","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7126"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k84g-a51c-fugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38292?format=json","vulnerability_id":"VCID-kd3m-s417-qkbr","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nPCRE, and PCRE2 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3217.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3217","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75413","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1228283","reference_id":"1228283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1228283"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787641","reference_id":"787641","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787641"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3217","reference_id":"CVE-2015-3217","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1025","reference_id":"RHSA-2016:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-3217"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kd3m-s417-qkbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97624?format=json","vulnerability_id":"VCID-kpkt-vb2t-kuar","summary":"PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2328.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2328.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2328","reference_id":"","reference_type":"","scores":[{"value":"0.02714","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2328"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1285399","reference_id":"1285399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1285399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1025","reference_id":"RHSA-2016:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-2328"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpkt-vb2t-kuar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76134?format=json","vulnerability_id":"VCID-mjr6-8pyz-tbbc","summary":"Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6207.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6207","reference_id":"","reference_type":"","scores":[{"value":"0.08719","scoring_system":"epss","scoring_elements":"0.92637","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6207"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359800","reference_id":"1359800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6207"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjr6-8pyz-tbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97623?format=json","vulnerability_id":"VCID-mrwr-pqss-6keq","summary":"PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2327.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2327.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2327","reference_id":"","reference_type":"","scores":[{"value":"0.02821","scoring_system":"epss","scoring_elements":"0.86426","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2327"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1285408","reference_id":"1285408","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1285408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-2327"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mrwr-pqss-6keq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112726?format=json","vulnerability_id":"VCID-npzd-q347-2ygw","summary":"php: Integer overflow leads to buffer overflow in virtual_file_ex","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6289.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6289","reference_id":"","reference_type":"","scores":[{"value":"0.02322","scoring_system":"epss","scoring_elements":"0.85097","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6289"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359698","reference_id":"1359698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6289"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-npzd-q347-2ygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97626?format=json","vulnerability_id":"VCID-p1z2-yqe2-tqaf","summary":"The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\\z(?|(?'R')(\\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8381.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8381","reference_id":"","reference_type":"","scores":[{"value":"0.05803","scoring_system":"epss","scoring_elements":"0.90676","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8381"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287711","reference_id":"1287711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287711"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796762","reference_id":"796762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796762"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8381"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1z2-yqe2-tqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106606?format=json","vulnerability_id":"VCID-p68m-zygn-e7c2","summary":"Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6296.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6296.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6296","reference_id":"","reference_type":"","scores":[{"value":"0.13001","scoring_system":"epss","scoring_elements":"0.94212","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6296"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359822","reference_id":"1359822","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359822"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832959","reference_id":"832959","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6296"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p68m-zygn-e7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97644?format=json","vulnerability_id":"VCID-p6s9-fmbe-bbdu","summary":"PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8395.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8395.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8395","reference_id":"","reference_type":"","scores":[{"value":"0.02405","scoring_system":"epss","scoring_elements":"0.8536","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8395"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287711","reference_id":"1287711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287711"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8395"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6s9-fmbe-bbdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112923?format=json","vulnerability_id":"VCID-ptnr-7zdy-v3df","summary":"php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4540.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4540.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4540","reference_id":"","reference_type":"","scores":[{"value":"0.01969","scoring_system":"epss","scoring_elements":"0.83856","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332872","reference_id":"1332872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4540"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptnr-7zdy-v3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113072?format=json","vulnerability_id":"VCID-pvyq-135x-dfaq","summary":"php: buffer overflow in handling of long link names in tar phar archives","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2554.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2554.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2554","reference_id":"","reference_type":"","scores":[{"value":"0.10282","scoring_system":"epss","scoring_elements":"0.93303","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2554"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305543","reference_id":"1305543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-2554"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvyq-135x-dfaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113443?format=json","vulnerability_id":"VCID-qvuc-9nm7-eyed","summary":"php: Stack consumption vulnerability in Zend/zend_exceptions.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8873.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8873.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8873","reference_id":"","reference_type":"","scores":[{"value":"0.02792","scoring_system":"epss","scoring_elements":"0.86363","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8873"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1336775","reference_id":"1336775","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1336775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8873"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvuc-9nm7-eyed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112890?format=json","vulnerability_id":"VCID-rcc5-73de-7bgb","summary":"php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4542.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4542.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4542","reference_id":"","reference_type":"","scores":[{"value":"0.01233","scoring_system":"epss","scoring_elements":"0.79528","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4542"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332865","reference_id":"1332865","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4542"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcc5-73de-7bgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97621?format=json","vulnerability_id":"VCID-tkxu-ju7q-sqbn","summary":"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2325.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2325.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2325","reference_id":"","reference_type":"","scores":[{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64963","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2325"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207198","reference_id":"1207198","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207198"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781795","reference_id":"781795","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-2325"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkxu-ju7q-sqbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97631?format=json","vulnerability_id":"VCID-twye-41tq-hkcw","summary":"PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8386.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8386","reference_id":"","reference_type":"","scores":[{"value":"0.0752","scoring_system":"epss","scoring_elements":"0.91951","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8386"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287636","reference_id":"1287636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287636"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1025","reference_id":"RHSA-2016:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8386"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twye-41tq-hkcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112737?format=json","vulnerability_id":"VCID-tyr1-ue62-suba","summary":"php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5773.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5773","reference_id":"","reference_type":"","scores":[{"value":"0.16127","scoring_system":"epss","scoring_elements":"0.94918","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351179","reference_id":"1351179","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-5773"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tyr1-ue62-suba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97638?format=json","vulnerability_id":"VCID-u7q1-w5yx-bfc3","summary":"The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8391.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8391","reference_id":"","reference_type":"","scores":[{"value":"0.06404","scoring_system":"epss","scoring_elements":"0.91194","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8391"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287671","reference_id":"1287671","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287671"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1025","reference_id":"RHSA-2016:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8391"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7q1-w5yx-bfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112720?format=json","vulnerability_id":"VCID-v6h2-pawz-hyhu","summary":"php: Use after free in unserialize() with Unexpected Session Deserialization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6290.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6290.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6290","reference_id":"","reference_type":"","scores":[{"value":"0.08435","scoring_system":"epss","scoring_elements":"0.92486","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6290"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359710","reference_id":"1359710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-6290"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6h2-pawz-hyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112555?format=json","vulnerability_id":"VCID-vh9q-qzwq-vkgb","summary":"php: bypass __wakeup() in deserialization of an unexpected object","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7124.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7124.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7124","reference_id":"","reference_type":"","scores":[{"value":"0.74663","scoring_system":"epss","scoring_elements":"0.98878","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374697","reference_id":"1374697","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7124"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vh9q-qzwq-vkgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76115?format=json","vulnerability_id":"VCID-wdcy-9v3g-xqaz","summary":"gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7456","reference_id":"","reference_type":"","scores":[{"value":"0.01328","scoring_system":"epss","scoring_elements":"0.80272","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7456"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340433","reference_id":"1340433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2013-7456"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdcy-9v3g-xqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113032?format=json","vulnerability_id":"VCID-wdyd-wy11-mkg1","summary":"php: Format string vulnerability in php_snmp_error()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4071.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4071","reference_id":"","reference_type":"","scores":[{"value":"0.3258","scoring_system":"epss","scoring_elements":"0.96956","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323108","reference_id":"1323108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1323108"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39645.php","reference_id":"CVE-2016-4071","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39645.php"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-4071"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdyd-wy11-mkg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76128?format=json","vulnerability_id":"VCID-x4mv-43g5-nke4","summary":"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5766.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5766","reference_id":"","reference_type":"","scores":[{"value":"0.16232","scoring_system":"epss","scoring_elements":"0.94938","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351068","reference_id":"1351068","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351068"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829014","reference_id":"829014","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2598","reference_id":"RHSA-2016:2598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5443","reference_id":"RHSA-2020:5443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5443"}],"fixed_packages":[],"aliases":["CVE-2016-5766"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mv-43g5-nke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113243?format=json","vulnerability_id":"VCID-x547-8y5r-qkh8","summary":"php: Out-of-bounds memory read via gdImageRotateInterpolated","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1903.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1903","reference_id":"","reference_type":"","scores":[{"value":"0.08692","scoring_system":"epss","scoring_elements":"0.92627","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297717","reference_id":"1297717","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1297717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-1903"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x547-8y5r-qkh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113395?format=json","vulnerability_id":"VCID-xk5k-az56-ykc6","summary":"php: ZipArchive:: extractTo allows for directory traversal when creating directories","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9767.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9767","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65991","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260716","reference_id":"1260716","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260716"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2014-9767"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xk5k-az56-ykc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97622?format=json","vulnerability_id":"VCID-ys5j-2ms5-6qby","summary":"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\".","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2326.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2326.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2326","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68944","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207202","reference_id":"1207202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783285","reference_id":"783285","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-2326"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys5j-2ms5-6qby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112560?format=json","vulnerability_id":"VCID-zacb-53ek-6kak","summary":"php: wddx_deserialize null dereference in php_wddx_pop_element","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7132.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7132","reference_id":"","reference_type":"","scores":[{"value":"0.14856","scoring_system":"epss","scoring_elements":"0.94646","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374711","reference_id":"1374711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7132"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zacb-53ek-6kak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97639?format=json","vulnerability_id":"VCID-zfag-y22f-cfcp","summary":"PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8392.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8392","reference_id":"","reference_type":"","scores":[{"value":"0.04389","scoring_system":"epss","scoring_elements":"0.89174","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8392"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287690","reference_id":"1287690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287690"},{"reference_url":"https://security.gentoo.org/glsa/201607-02","reference_id":"GLSA-201607-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1132","reference_id":"RHSA-2016:1132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2015-8392"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfag-y22f-cfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112558?format=json","vulnerability_id":"VCID-zmzd-gp6s-9ucq","summary":"php: wddx_deserialize null dereference","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7130.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7130.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7130","reference_id":"","reference_type":"","scores":[{"value":"0.02206","scoring_system":"epss","scoring_elements":"0.8475","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7130"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374707","reference_id":"1374707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[],"aliases":["CVE-2016-7130"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmzd-gp6s-9ucq"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-php56-php@5.6.25-1%3Farch=el7"}