Versions of PHP 5.5.x earlier than 5.5.16, or PHP 5.4.x earlier than 5.4.32 are prone to multiple vulnerabilities, some of which include:
LibGD contains a NULL pointer dereference flaw in the βgdxpm.cβ file, which could be leveraged to cause denial of service. (CVE-2014-2497)
Denial of service related to an insufficient patch for CVE-2013-7345; it is still possible for an attacker to cause denial of service via a crafted input file that causes excessive matching by awk regular expression rules. (CVE-2014-3538)
An integer overflow flaw exists in the βcdf.cβ file, which could be leveraged via a specially crafted CDF file to cause denial of service. (CVE-2014-3587)
There are multiple buffer overflow flaws in the βdns.cβ file related to the βdns_get_recordβ and βdn_expandβ functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
Several use-after-free issues in the SPL component that could be leveraged to cause a denial of service. (CVE-2014-4670, CVE-2014-4698)
There exist multiple flaws in the GD component within the βgd_ctx.cβ file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)
Binary data 8360.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120
www.php.net/ChangeLog-5.php#5.4.32
www.php.net/ChangeLog-5.php#5.5.16
bugs.php.net/bug.php?id=66901
bugs.php.net/bug.php?id=67538
bugs.php.net/bug.php?id=67539
bugs.php.net/bug.php?id=67705
bugs.php.net/bug.php?id=67715
bugs.php.net/bug.php?id=67716
bugs.php.net/bug.php?id=67717
bugs.php.net/bug.php?id=67730