Nessus plugin (Tenable): 8784.PRM
Published: Jun 18, 2015 - 12:00 a.m.

PHP 5.4.x < 5.4.40 / 5.5.x < 5.5.24 / 5.6.x < 5.6.8 Multiple Vulnerabilities

Source: Tenable (www.tenable.com)

Versions of PHP 5.4.x earlier than 5.4.40, 5.5.x earlier than 5.5.24, or 5.6.x earlier than 5.6.8 are exposed to the following issues:

  • An out-of-bounds read error exists in the function ‘GetCode_()’ in file ‘gd_gif_in.c’ that allows denial of service attacks or disclosure of memory contents. (CVE-2014-9709)
  • A use-after-free error exists in the OPcache extension in the ‘_zend_shared_memdup()’ function within the file ‘zend_shared_alloc.c’. A remote attacker can exploit this to cause a denial of service or possibly have other unspecified impact. (CVE-2015-1351)
  • The function ‘build_tablename()’ in file ‘pgsql.c’ in the PostgreSQL extension does not properly validate token extraction for table names. A remote attacker, using a crafted name, can exploit this to cause a NULL pointer dereference, leading to a denial of service. (CVE-2015-1352)
  • A use-after-free error exists in the function ‘phar_rename_archive()’ in file ‘phar_object.c’. A remote attacker, by attempting to rename a phar archive to an already existing file name, can exploit this to cause a denial of service. (CVE-2015-2301)
  • A buffer over-read error exists in the Phar component due to user-supplied input not being validated properly when handling phar parsing during ‘unserialize()’ function calls. An attacker can exploit this to execute arbitrary code or cause a denial of service. (CVE-2015-2783)
  • A buffer overflow flaw exists in the ‘phar_set_inode()’ function in file ‘phar_internal.h’ when handling archive files, such as tar, zip, or phar files. A remote attacker can exploit this to execute arbitrary code or cause a denial of service. (CVE-2015-3329)
  • A flaw exists in the Apache2handler SAPI component, when handling pipelined HTTP requests, that a remote attacker can exploit to execute arbitrary code. (CVE-2015-3330)
  • An information disclosure vulnerability exists because of a type confusion error. Specifically, this issue occurs when the ‘unserialize()’ function is used with SoapFault object’s ‘__toString()’ function. An attacker can exploit this issue to leak arbitrary memory blocks.
  • A flaw exists in the ‘phar_parse_metadata()’ function in ‘ext/phar/phar.c’. The issue is triggered as user-supplied input is not properly validated when parsing a specially crafted TAR file. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2015-3307)
  • A type confusion flaw exists in the ‘__toString()’ method in ‘incomplete_class.c’ that may allow a context-dependent attacker to leak arbitrary memory blocks or potentially cause a denial of service. (CVE-2015-4602)
  • Multiple unspecified issues exist in ‘/soap/php_http.c’ and ‘/soap/php_encoding.c’. This may allow an attacker to have an unspecified impact. (CVE-2015-4601)
  • A denial of service vulnerability affects Fine Free File, a common component used in PHP known as ‘file’. Specifically, this issue affects the source file ‘libmagic/softmagic.c’ because it fails to properly handle offsets that exceed ‘bytecnt’ or vice versa. (CVE-2015-4605)
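
The version ranges in the advisory title can be checked against PHP version banners seen in HTTP response headers. The following is an added example, not part of the Tenable plugin; the 'classify' helper, the 'X-Powered-By' / 'Server' banner format and the sample lines are assumptions made for illustration.

```python
import re

# First fixed release per branch, taken from the advisory title.
FIXED = {(5, 4): 40, (5, 5): 24, (5, 6): 8}

# Matches "PHP/5.4.39" with an optional vendor suffix such as "-0+deb7u2".
BANNER_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([-+~][\w.+~-]*)?")


def classify(banner):
    """Return (version, verdict) for one header line, or None if no PHP token."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    suffix = m.group(4) or ""
    version = f"{major}.{minor}.{patch}{suffix}"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch is not one of the three the advisory lists.
        return version, "out-of-scope"
    if patch >= fixed_patch:
        return version, "fixed"
    if suffix:
        # Distribution builds can backport fixes without changing the
        # upstream version number, so the banner alone is inconclusive.
        return version, "verify-package"
    return version, "affected"


# Constructed sample headers, not captured traffic.
SAMPLES = [
    "X-Powered-By: PHP/5.4.39",
    "X-Powered-By: PHP/5.4.40",
    "Server: Apache/2.4.10 (Debian) PHP/5.6.7-1",
    "X-Powered-By: PHP/5.5.24",
    "X-Powered-By: PHP/5.3.29",
    "Server: nginx/1.6.2",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:50} -> {classify(line)}")
```

A "verify-package" verdict means the installed package's changelog has to be checked for the listed CVEs before the host is counted as affected or fixed.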
Vendor  Product  Version  CPE
php     php               cpe:/a:php:php
