PHP 5.4.x < 5.4.32 / 5.5.x < 5.5.16 Multiple Vulnerabilities

Versions of PHP 5.5.x earlier than 5.5.16, or PHP 5.4.x earlier than 5.4.32 are prone to multiple vulnerabilities, some of which include:

• LibGD contains a NULL pointer dereference flaw in the ‘gdxpm.c’ file, which could be leveraged to cause denial of service. (CVE-2014-2497)

• Denial of service related to an insufficient patch for CVE-2013-7345; it is still possible for an attacker to cause denial of service via a crafted input file that causes excessive matching by awk regular expression rules. (CVE-2014-3538)

• An integer overflow flaw exists in the ‘cdf.c’ file, which could be leveraged via a specially crafted CDF file to cause denial of service. (CVE-2014-3587)

• There are multiple buffer overflow flaws in the ‘dns.c’ file related to the ‘dns_get_record’ and ‘dn_expand’ functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)

• Several use-after-free issues in the SPL component that could be leveraged to cause a denial of service. (CVE-2014-4670, CVE-2014-4698)

• There exist multiple flaws in the GD component within the ‘gd_ctx.c’ file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)