Search for packages
| purl | pkg:deb/ubuntu/php5@5.2.4-2ubuntu5.10 |
| Next non-vulnerable version | 5.5.9+dfsg-1ubuntu4.29 |
| Latest non-vulnerable version | 5.5.9+dfsg-1ubuntu4.29 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1252-8g9h-aaae
Aliases: CVE-2016-7414 |
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. |
Affected by 47 other vulnerabilities. |
|
VCID-12qt-uvs5-aaar
Aliases: CVE-2016-4537 |
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. |
Affected by 89 other vulnerabilities. |
|
VCID-16pv-5tpc-aaae
Aliases: CVE-2017-9229 |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. |
Affected by 24 other vulnerabilities. |
|
VCID-1byx-u4df-aaap
Aliases: CVE-2019-9023 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. |
Affected by 7 other vulnerabilities. |
|
VCID-1eec-7zn7-aaak
Aliases: CVE-2019-9639 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. |
Affected by 0 other vulnerabilities. |
|
VCID-1ffp-sdbr-aaab
Aliases: CVE-2018-10545 |
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. |
Affected by 14 other vulnerabilities. |
|
VCID-1kpm-mmtp-aaaa
Aliases: CVE-2019-9020 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. |
Affected by 7 other vulnerabilities. |
|
VCID-1v9a-7p2h-aaar
Aliases: CVE-2016-10712 |
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. |
Affected by 19 other vulnerabilities. |
|
VCID-22vt-k66h-aaan
Aliases: CVE-2015-4599 |
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods |
Affected by 129 other vulnerabilities. |
|
VCID-2489-2q82-aaah
Aliases: CVE-2019-9022 |
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. |
Affected by 0 other vulnerabilities. |
|
VCID-2kms-au22-aaap
Aliases: CVE-2014-9767 |
CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories |
Affected by 99 other vulnerabilities. |
|
VCID-2nxq-gvnh-aaas
Aliases: CVE-2016-4343 |
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. |
Affected by 89 other vulnerabilities. |
|
VCID-2r5d-nnjj-aaaj
Aliases: CVE-2019-9641 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. |
Affected by 0 other vulnerabilities. |
|
VCID-2x4r-thvu-aaap
Aliases: CVE-2015-6831 |
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. |
Affected by 119 other vulnerabilities. |
|
VCID-32s8-srh9-aaas
Aliases: CVE-2016-7127 |
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments. |
Affected by 47 other vulnerabilities. |
|
VCID-39py-8jmd-aaab
Aliases: CVE-2016-4473 |
CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() |
Affected by 63 other vulnerabilities. |
|
VCID-3c18-v2g4-aaaf
Aliases: CVE-2015-2305 |
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. |
Affected by 146 other vulnerabilities. |
|
VCID-3h84-jpyb-aaam
Aliases: CVE-2016-4541 |
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. |
Affected by 89 other vulnerabilities. |
|
VCID-3j6s-rced-aaaa
Aliases: CVE-2016-5769 |
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. |
Affected by 63 other vulnerabilities. |
|
VCID-3jrq-ku7n-aaan
Aliases: CVE-2015-3329 |
CVE-2015-3329 php: buffer overflow in phar_set_inode() |
Affected by 146 other vulnerabilities. |
|
VCID-3khx-vu3n-aaad
Aliases: CVE-2016-4073 |
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. |
Affected by 99 other vulnerabilities. |
|
VCID-3m4w-fcrw-aaaq
Aliases: CVE-2015-1352 |
CVE-2015-1352 php: NULL pointer dereference in pgsql extension |
Affected by 160 other vulnerabilities. |
|
VCID-3w4q-hbrz-aaar
Aliases: CVE-2016-3185 |
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. |
Affected by 99 other vulnerabilities. |
|
VCID-4bjr-smu3-aaah
Aliases: CVE-2016-9935 |
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. |
Affected by 37 other vulnerabilities. |
|
VCID-4hyb-chh2-aaam
Aliases: CVE-2015-0231 |
CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) |
Affected by 160 other vulnerabilities. |
|
VCID-4vgm-9sdp-aaas
Aliases: CVE-2015-8835 |
CVE-2015-8835 php: type confusion issue in Soap Client call() method |
Affected by 99 other vulnerabilities. |
|
VCID-51uc-bzg4-aaag
Aliases: CVE-2016-5095 |
CVE-2016-5095 php: Integer overflow in php_filter_full_special_chars |
Affected by 63 other vulnerabilities. |
|
VCID-59fn-ybff-aaan
Aliases: CVE-2014-3487 |
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
Affected by 173 other vulnerabilities. |
|
VCID-5aug-72yr-aaab
Aliases: CVE-2016-9934 |
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. |
Affected by 37 other vulnerabilities. |
|
VCID-5t8p-jv5n-aaad
Aliases: CVE-2016-7411 |
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. |
Affected by 47 other vulnerabilities. |
|
VCID-5ynh-zkyv-aaas
Aliases: CVE-2015-2331 |
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. |
Affected by 155 other vulnerabilities. |
|
VCID-6byw-kc7s-aaas
Aliases: CVE-2015-3307 |
CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() |
Affected by 146 other vulnerabilities. |
|
VCID-6spz-b8a9-aaaf
Aliases: CVE-2015-6838 |
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. |
Affected by 119 other vulnerabilities. |
|
VCID-71uz-yd7t-aaaq
Aliases: CVE-2016-7132 |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. |
Affected by 47 other vulnerabilities. |
|
VCID-73j4-s6t8-aaad
Aliases: CVE-2015-6837 |
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. |
Affected by 119 other vulnerabilities. |
|
VCID-7j98-wax7-aaan
Aliases: CVE-2018-10548 |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. |
Affected by 14 other vulnerabilities. |
|
VCID-82b4-njua-aaab
Aliases: CVE-2017-16642 |
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. |
Affected by 21 other vulnerabilities. |
|
VCID-83ub-mcqj-aaak
Aliases: CVE-2015-8935 |
CVE-2015-8935 php: HTTP response splitting in header() function |
Affected by 63 other vulnerabilities. |
|
VCID-869z-tjdt-aaab
Aliases: CVE-2016-4540 |
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. |
Affected by 89 other vulnerabilities. |
|
VCID-8gvv-7agg-aaan
Aliases: CVE-2015-2783 |
CVE-2015-2783 php: buffer over-read in Phar metadata parsing |
Affected by 146 other vulnerabilities. |
|
VCID-8hz7-hn9j-aaad
Aliases: CVE-2016-5768 |
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. |
Affected by 63 other vulnerabilities. |
|
VCID-8mwc-zmcx-aaan
Aliases: CVE-2015-4024 |
CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS |
Affected by 129 other vulnerabilities. |
|
VCID-8th8-sv29-aaap
Aliases: CVE-2016-4539 |
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. |
Affected by 89 other vulnerabilities. |
|
VCID-8zga-bqda-aaag
Aliases: CVE-2014-9705 |
CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() |
Affected by 155 other vulnerabilities. |
|
VCID-9814-7grr-aaas
Aliases: CVE-2016-10160 |
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. |
Affected by 37 other vulnerabilities. |
|
VCID-99hm-dy7a-aaac
Aliases: CVE-2016-7417 |
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. |
Affected by 47 other vulnerabilities. |
|
VCID-9rh2-2cx7-aaaa
Aliases: CVE-2014-3478 |
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. |
Affected by 173 other vulnerabilities. |
|
VCID-9ua3-3fhw-aaar
Aliases: CVE-2015-5590 |
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. |
Affected by 119 other vulnerabilities. |
|
VCID-9w11-h9w4-aaak
Aliases: CVE-2018-17082 |
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. |
Affected by 11 other vulnerabilities. |
|
VCID-a17y-vjjw-aaac
Aliases: CVE-2015-2348 |
CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name |
Affected by 146 other vulnerabilities. |
|
VCID-a95k-47kr-aaaa
Aliases: CVE-2016-4070 |
** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." |
Affected by 99 other vulnerabilities. |
|
VCID-aerx-h83k-aaaf
Aliases: CVE-2017-9227 |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. |
Affected by 24 other vulnerabilities. |
|
VCID-ahs8-uf3f-aaan
Aliases: CVE-2015-6836 |
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. |
Affected by 119 other vulnerabilities. |
|
VCID-amh3-pcw2-aaad
Aliases: CVE-2016-6297 |
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. |
Affected by 63 other vulnerabilities. |
|
VCID-amks-jmag-aaad
Aliases: CVE-2014-9427 |
CVE-2014-9427 php: out of bounds read when parsing a crafted .php file |
Affected by 160 other vulnerabilities. |
|
VCID-b97a-ea3v-aaap
Aliases: CVE-2016-5094 |
CVE-2016-5094 php: Integer overflow in php_html_entities() |
Affected by 63 other vulnerabilities. |
|
VCID-bc7f-sn66-aaas
Aliases: CVE-2015-5589 |
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. |
Affected by 119 other vulnerabilities. |
|
VCID-bhu5-c8ry-aaaj
Aliases: CVE-2015-4116 |
CVE-2015-4116 php: Use-after-free vulnerability in the spl_ptr_heap_insert function |
Affected by 63 other vulnerabilities. |
|
VCID-bkjz-3xzh-aaad
Aliases: CVE-2015-8876 |
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. |
Affected by 63 other vulnerabilities. |
|
VCID-bqhp-8xc5-aaae
Aliases: CVE-2016-5773 |
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. |
Affected by 63 other vulnerabilities. |
|
VCID-btp8-hyyg-aaak
Aliases: CVE-2014-0237 |
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. |
Affected by 182 other vulnerabilities. |
|
VCID-bu6h-ssxj-aaar
Aliases: CVE-2017-12933 |
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. |
Affected by 21 other vulnerabilities. |
|
VCID-bxkz-2m5x-aaaj
Aliases: CVE-2014-0185 |
CVE-2014-0185 php: insecure default permissions on the FPM unix socket |
Affected by 182 other vulnerabilities. |
|
VCID-c33h-tsg2-aaad
Aliases: CVE-2014-0238 |
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. |
Affected by 182 other vulnerabilities. |
|
VCID-c697-xf6v-aaag
Aliases: CVE-2016-6290 |
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. |
Affected by 63 other vulnerabilities. |
|
VCID-caje-cus3-aaaa
Aliases: CVE-2014-8142 |
CVE-2014-8142 php: use after free vulnerability in unserialize() |
Affected by 160 other vulnerabilities. |
|
VCID-cavj-1gux-aaab
Aliases: CVE-2014-9652 |
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. |
Affected by 160 other vulnerabilities. |
|
VCID-cbsr-a6t4-aaan
Aliases: CVE-2015-4598 |
CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions |
Affected by 129 other vulnerabilities. |
|
VCID-cfmq-47tt-aaaq
Aliases: CVE-2016-4538 |
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. |
Affected by 89 other vulnerabilities. |
|
VCID-cqj3-udy1-aaad
Aliases: CVE-2014-4049 |
CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing |
Affected by 182 other vulnerabilities. |
|
VCID-cr4y-qm63-aaaa
Aliases: CVE-2014-3597 |
CVE-2014-3597 php: multiple buffer over-reads in php_parserr |
Affected by 171 other vulnerabilities. |
|
VCID-d8t4-e42z-aaaq
Aliases: CVE-2016-10159 |
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. |
Affected by 37 other vulnerabilities. |
|
VCID-db51-2ryw-aaah
Aliases: CVE-2014-3669 |
CVE-2014-3669 php: integer overflow in unserialize() |
Affected by 167 other vulnerabilities. |
|
VCID-dc58-m3r7-aaab
Aliases: CVE-2010-4657 |
CVE-2010-4657 php: XMLWriter information leak |
Affected by 186 other vulnerabilities. |
|
VCID-ddnb-6axg-aaap
Aliases: CVE-2014-3480 |
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
Affected by 173 other vulnerabilities. |
|
VCID-ddr4-6h3k-aaaa
Aliases: CVE-2015-4022 |
CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing |
Affected by 129 other vulnerabilities. |
|
VCID-dk9d-5awh-aaac
Aliases: CVE-2017-11143 |
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. |
Affected by 24 other vulnerabilities. |
|
VCID-dm7d-pqtn-aaae
Aliases: CVE-2018-7584 |
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. |
Affected by 19 other vulnerabilities. |
|
VCID-dzgz-rfgs-aaap
Aliases: CVE-2019-9640 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. |
Affected by 0 other vulnerabilities. |
|
VCID-dzks-xxg9-aaaf
Aliases: CVE-2016-9137 |
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. |
Affected by 37 other vulnerabilities. |
|
VCID-e2d4-5wgr-aaah
Aliases: CVE-2015-4147 |
CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() |
Affected by 129 other vulnerabilities. |
|
VCID-e2ge-edan-aaac
Aliases: CVE-2015-2787 |
CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re |
Affected by 146 other vulnerabilities. |
|
VCID-e3hk-3nez-aaah
Aliases: CVE-2016-4542 |
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. |
Affected by 89 other vulnerabilities. |
|
VCID-eaya-j7s9-aaap
Aliases: CVE-2016-10397 |
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). |
Affected by 24 other vulnerabilities. |
|
VCID-ecaw-9d8w-aaas
Aliases: CVE-2014-4670 |
CVE-2014-4670 php: SPL Iterators use-after-free |
Affected by 173 other vulnerabilities. |
|
VCID-edst-5sbq-aaaq
Aliases: CVE-2015-0232 |
CVE-2015-0232 php: Free called on unitialized pointer in exif.c |
Affected by 160 other vulnerabilities. |
|
VCID-eh77-9yza-aaaq
Aliases: CVE-2015-0273 |
CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone |
Affected by 155 other vulnerabilities. |
|
VCID-ehry-rcpp-aaab
Aliases: CVE-2016-10161 |
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. |
Affected by 37 other vulnerabilities. |
|
VCID-epm5-9tkf-aaaf
Aliases: CVE-2016-6289 |
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. |
Affected by 63 other vulnerabilities. |
|
VCID-espq-zmxu-aaaf
Aliases: CVE-2015-4603 |
CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize |
Affected by 129 other vulnerabilities. |
|
VCID-eu3t-r61z-aaan
Aliases: CVE-2015-4604 |
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. |
Affected by 146 other vulnerabilities. |
|
VCID-ev39-178w-aaaq
Aliases: CVE-2016-5114 |
CVE-2016-5114 php: out-of-bounds write in fpm_log.c |
Affected by 63 other vulnerabilities. |
|
VCID-ez8q-wn5x-aaak
Aliases: CVE-2016-6292 |
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. |
Affected by 63 other vulnerabilities. |
|
VCID-faaa-qkj3-aaae
Aliases: CVE-2016-7479 |
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. |
Affected by 37 other vulnerabilities. |
|
VCID-fgpm-vf17-aaad
Aliases: CVE-2016-4544 |
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. |
Affected by 89 other vulnerabilities. |
|
VCID-fqv9-m1gk-aaaa
Aliases: CVE-2015-8838 |
CVE-2015-8838 php: mysqlnd interface vulnerable to BACKRONYM |
Affected by 99 other vulnerabilities. |
|
VCID-g3nd-5q64-aaas
Aliases: CVE-2016-6291 |
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. |
Affected by 63 other vulnerabilities. |
|
VCID-ga1y-kh3b-aaan
Aliases: CVE-2015-7804 |
CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() |
Affected by 117 other vulnerabilities. |
|
VCID-gfku-c32j-aaas
Aliases: CVE-2015-8994 |
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database. |
Affected by 24 other vulnerabilities. |
|
VCID-gpu8-tehr-aaar
Aliases: CVE-2015-4021 |
CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name |
Affected by 129 other vulnerabilities. |
|
VCID-gvj2-thyu-aaaj
Aliases: CVE-2015-4602 |
CVE-2015-4602 php: Incomplete Class unserialization type confusion |
Affected by 129 other vulnerabilities. |
|
VCID-gyc3-5a8r-aaar
Aliases: CVE-2015-4026 |
CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character |
Affected by 129 other vulnerabilities. |
|
VCID-h9d3-dmt9-aaae
Aliases: CVE-2019-9024 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. |
Affected by 7 other vulnerabilities. |
|
VCID-hcqt-5qmr-aaaj
Aliases: CVE-2016-7125 |
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. |
Affected by 47 other vulnerabilities. |
|
VCID-hd22-4hsa-aaaq
Aliases: CVE-2019-9637 |
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. |
Affected by 0 other vulnerabilities. |
|
VCID-hfqn-f7dg-aaas
Aliases: CVE-2015-4601 |
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods |
Affected by 129 other vulnerabilities. |
|
VCID-hrzf-w26e-aaaq
Aliases: CVE-2019-9675 |
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." |
Affected by 0 other vulnerabilities. |
|
VCID-hsuv-pkxg-aaar
Aliases: CVE-2017-9224 |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. |
Affected by 24 other vulnerabilities. |
|
VCID-j3ys-6mb8-aaas
Aliases: CVE-2015-4644 |
CVE-2015-4644 php: NULL pointer dereference in php_pgsql_meta_data() |
Affected by 129 other vulnerabilities. |
|
VCID-jhah-ksvx-aaag
Aliases: CVE-2015-2301 |
CVE-2015-2301 php: use after free in phar_object.c |
Affected by 155 other vulnerabilities. |
|
VCID-jp2a-f69z-aaaj
Aliases: CVE-2016-7129 |
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document. |
Affected by 47 other vulnerabilities. |
|
VCID-jtz2-745j-aaam
Aliases: CVE-2018-10546 |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. |
Affected by 14 other vulnerabilities. |
|
VCID-jxwt-uhqc-aaag
Aliases: CVE-2016-7413 |
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. |
Affected by 47 other vulnerabilities. |
|
VCID-kg2b-vx21-aaas
Aliases: CVE-2016-5772 |
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. |
Affected by 63 other vulnerabilities. |
|
VCID-kgm1-tg95-aaas
Aliases: CVE-2016-4346 |
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. |
Affected by 99 other vulnerabilities. |
|
VCID-khng-y4t1-aaaa
Aliases: CVE-2017-11145 |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist. |
Affected by 24 other vulnerabilities. |
|
VCID-krpu-up7q-aaaj
Aliases: CVE-2018-14883 |
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. |
Affected by 11 other vulnerabilities. |
|
VCID-ks9b-8sm9-aaaa
Aliases: CVE-2014-3710 |
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
Affected by 167 other vulnerabilities. |
|
VCID-kthc-z751-aaab
Aliases: CVE-2014-3515 |
CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw |
Affected by 173 other vulnerabilities. |
|
VCID-ktvt-pjew-aaad
Aliases: CVE-2016-6295 |
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. |
Affected by 63 other vulnerabilities. |
|
VCID-m32n-gcgz-aaah
Aliases: CVE-2014-3670 |
CVE-2014-3670 php: heap corruption issue in exif_thumbnail() |
Affected by 167 other vulnerabilities. |
|
VCID-m7uy-vpes-aaaq
Aliases: CVE-2014-9912 |
CVE-2014-9912 php: stack buffer overflow in locale_get_display_name |
Affected by 37 other vulnerabilities. |
|
VCID-mgxe-xrj2-aaar
Aliases: CVE-2016-1903 |
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function. |
Affected by 99 other vulnerabilities. |
|
VCID-mkbd-9asr-aaah
Aliases: CVE-2015-4643 |
CVE-2015-4643 php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022) |
Affected by 129 other vulnerabilities. |
|
VCID-mwev-5h1b-aaaj
Aliases: CVE-2015-7803 |
CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset() |
Affected by 117 other vulnerabilities. |
|
VCID-mwnv-fn7r-aaad
Aliases: CVE-2016-4342 |
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. |
Affected by 89 other vulnerabilities. |
|
VCID-mxvs-xu78-aaab
Aliases: CVE-2014-3479 |
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. |
Affected by 173 other vulnerabilities. |
|
VCID-n41v-u4d9-aaah
Aliases: CVE-2016-5771 |
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. |
Affected by 63 other vulnerabilities. |
|
VCID-nadp-q9zr-aaah
Aliases: CVE-2016-7124 |
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. |
Affected by 47 other vulnerabilities. |
|
VCID-nk8j-m9y8-aaar
Aliases: CVE-2016-7480 |
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. |
Affected by 47 other vulnerabilities. |
|
VCID-ns8v-awcf-aaak
Aliases: CVE-2015-8867 |
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. |
Affected by 99 other vulnerabilities. |
|
VCID-nzur-ybvj-aaag
Aliases: CVE-2019-9021 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. |
Affected by 7 other vulnerabilities. |
|
VCID-p4jm-wupx-aaaf
Aliases: CVE-2016-5096 |
CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread |
Affected by 63 other vulnerabilities. |
|
VCID-pe4m-8btz-aaae
Aliases: CVE-2015-8866 |
CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads |
Affected by 99 other vulnerabilities. |
|
VCID-pmr1-6a2w-aaag
Aliases: CVE-2014-0207 |
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. |
Affected by 173 other vulnerabilities. |
|
VCID-pnw5-mzzx-aaac
Aliases: CVE-2014-4698 |
CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting |
Affected by 173 other vulnerabilities. |
|
VCID-pw49-d9aa-aaac
Aliases: CVE-2016-5093 |
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call. |
Affected by 63 other vulnerabilities. |
|
VCID-q2vs-jf13-aaam
Aliases: CVE-2016-5385 GHSA-m6ch-gg5f-wxx3 |
HTTP Proxy header vulnerability |
Affected by 63 other vulnerabilities. |
|
VCID-q363-4cae-aaaq
Aliases: CVE-2017-11147 |
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. |
Affected by 24 other vulnerabilities. |
|
VCID-qfm8-jewu-aaap
Aliases: CVE-2016-7130 |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. |
Affected by 47 other vulnerabilities. |
|
VCID-qg18-gtx4-aaaq
Aliases: CVE-2015-6833 |
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. |
Affected by 119 other vulnerabilities. |
|
VCID-qqbe-zhze-aaar
Aliases: CVE-2017-11144 |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. |
Affected by 24 other vulnerabilities. |
|
VCID-qyh7-y7rs-aaar
Aliases: CVE-2016-3142 |
CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() |
Affected by 99 other vulnerabilities. |
|
VCID-r27c-71jx-aaar
Aliases: CVE-2015-6835 |
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. |
Affected by 119 other vulnerabilities. |
|
VCID-rkey-bq9k-aaab
Aliases: CVE-2016-4071 |
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. |
Affected by 99 other vulnerabilities. |
|
VCID-rkpb-fee8-aaab
Aliases: CVE-2015-1351 |
CVE-2015-1351 php: use after free in opcache extension |
Affected by 160 other vulnerabilities. |
|
VCID-rz4j-9nvp-aaaq
Aliases: CVE-2016-10158 |
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. |
Affected by 37 other vulnerabilities. |
|
VCID-s6rf-ez2u-aaap
Aliases: CVE-2016-3141 |
CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data |
Affected by 99 other vulnerabilities. |
|
VCID-s7bp-2h8v-aaah
Aliases: CVE-2014-3587 |
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. |
Affected by 171 other vulnerabilities. |
|
VCID-s9m1-697s-aaam
Aliases: CVE-2016-5399 |
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. |
Affected by 63 other vulnerabilities. |
|
VCID-se12-nu1n-aaag
Aliases: CVE-2016-4344 |
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow. |
Affected by 99 other vulnerabilities. |
|
VCID-sqtp-vevt-aaak
Aliases: CVE-2017-9228 |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. |
Affected by 24 other vulnerabilities. |
|
VCID-stmg-v5v5-aaab
Aliases: CVE-2016-2554 |
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. |
Affected by 99 other vulnerabilities. |
|
VCID-svn2-nywv-aaac
Aliases: CVE-2016-6288 |
CVE-2016-6288 php: Buffer over-read in php_url_parse_ex |
Affected by 63 other vulnerabilities. |
|
VCID-swat-ndf2-aaab
Aliases: CVE-2017-11628 |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. |
Affected by 24 other vulnerabilities. |
|
VCID-t4ck-5p4y-aaah
Aliases: CVE-2016-7131 |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character. |
Affected by 47 other vulnerabilities. |
|
VCID-t687-wt36-aaak
Aliases: CVE-2014-8117 |
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. |
Affected by 155 other vulnerabilities. |
|
VCID-tj5w-mvu3-aaad
Aliases: CVE-2015-8873 |
CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c |
Affected by 63 other vulnerabilities. |
|
VCID-ufxy-f9gq-aaae
Aliases: CVE-2017-9226 |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. |
Affected by 24 other vulnerabilities. |
|
VCID-uk9b-bduf-aaas
Aliases: CVE-2016-7478 |
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. |
Affected by 37 other vulnerabilities. |
|
VCID-usqs-hnjy-aaag
Aliases: CVE-2015-4600 |
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods |
Affected by 129 other vulnerabilities. |
|
VCID-uzjm-61qc-aaap
Aliases: CVE-2015-6834 |
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. |
Affected by 119 other vulnerabilities. |
|
VCID-v51t-9vvq-aaah
Aliases: CVE-2018-5712 |
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. |
Affected by 21 other vulnerabilities. |
|
VCID-va4q-zdk5-aaaq
Aliases: CVE-2016-7128 |
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. |
Affected by 47 other vulnerabilities. |
|
VCID-vad4-hrb8-aaag
Aliases: CVE-2018-14851 |
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. |
Affected by 11 other vulnerabilities. |
|
VCID-vche-tfhc-aaas
Aliases: CVE-2016-7418 |
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. |
Affected by 47 other vulnerabilities. |
|
VCID-vckr-wjrm-aaas
Aliases: CVE-2017-11362 |
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function. |
Affected by 24 other vulnerabilities. |
|
VCID-vdcw-7umn-aaaa
Aliases: CVE-2015-4148 |
CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() |
Affected by 129 other vulnerabilities. |
|
VCID-vpd4-cnm8-aaak
Aliases: CVE-2016-7412 |
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. |
Affected by 47 other vulnerabilities. |
|
VCID-vqw1-fjuz-aaap
Aliases: CVE-2016-6296 |
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. |
Affected by 63 other vulnerabilities. |
|
VCID-vzen-867m-aaar
Aliases: CVE-2014-4721 |
CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak |
Affected by 173 other vulnerabilities. |
|
VCID-w58a-861z-aaap
Aliases: CVE-2014-3668 |
CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() |
Affected by 167 other vulnerabilities. |
|
VCID-wrg6-qcd8-aaae
Aliases: CVE-2011-2483 |
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. |
Affected by 187 other vulnerabilities. |
|
VCID-x7h2-nbba-aaam
Aliases: CVE-2015-4605 |
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. |
Affected by 146 other vulnerabilities. |
|
VCID-xb1g-7p1v-aaab
Aliases: CVE-2016-7416 |
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. |
Affected by 47 other vulnerabilities. |
|
VCID-xhsd-e5h5-aaaj
Aliases: CVE-2016-4543 |
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. |
Affected by 89 other vulnerabilities. |
|
VCID-xpnj-e42u-aaac
Aliases: CVE-2019-9638 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. |
Affected by 0 other vulnerabilities. |
|
VCID-xyng-4f4c-aaaa
Aliases: CVE-2015-4025 |
CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ |
Affected by 129 other vulnerabilities. |
|
VCID-y9b5-mxfj-aaah
Aliases: CVE-2018-10547 |
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. |
Affected by 14 other vulnerabilities. |
|
VCID-yh51-hcjg-aaad
Aliases: CVE-2018-12882 |
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. |
Affected by 14 other vulnerabilities. |
|
VCID-ywgx-fd6w-aaam
Aliases: CVE-2015-3330 |
CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 |
Affected by 146 other vulnerabilities. |
|
VCID-yzk2-j6nx-aaaq
Aliases: CVE-2015-8865 |
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. |
Affected by 99 other vulnerabilities. |
|
VCID-z3ys-sphs-aaak
Aliases: CVE-2015-3411 |
CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions |
Affected by 129 other vulnerabilities. |
|
VCID-z7nu-15rh-aaas
Aliases: CVE-2016-4072 |
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. |
Affected by 99 other vulnerabilities. |
|
VCID-zdrs-qsg5-aaas
Aliases: CVE-2015-3412 |
CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions |
Affected by 129 other vulnerabilities. |
|
VCID-zqhn-z3yy-aaas
Aliases: CVE-2016-4345 |
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. |
Affected by 99 other vulnerabilities. |
|
VCID-zxs3-pfnb-aaan
Aliases: CVE-2016-6294 |
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. |
Affected by 63 other vulnerabilities. |
|
VCID-zzgn-q57z-aaac
Aliases: CVE-2015-6832 |
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. |
Affected by 119 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|