PHP 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple Vulnerabilities

PHP versions 5.5.x prior to 5.5.21, and 5.6.x prior to 5.6.5 are exposed to the following issues :

• A flaw exists in the ‘ereg(regex)’ component due to a NULL pointer dereference condition. Specifically, this issue affects the ‘/regex/regcomp.c’ source file. (Bug 68740)

• A use-after-free memory error exists in the ‘opcache’ component. Specifically, this issue affects the ‘/ext/opcache/zend_shared_alloc.c’ source file. (Bug 68677 / CVE-2015-1351)

• A flaw exists in the ‘zend_ts_hash_graceful_destroy’ function in the Zend Engine for PHP which exposes a double free vulnerability. Specifically, this issue affects the ‘zend_ts_hash.c’ source file. (Bug 68676 / CVE-2014-9425)

• A flaw exists in the ‘pgsql’ component due to a NULL pointer dereference condition. Specifically, this issue affects the ‘token’ parameter of the ‘/ext/pgsql/pgsql.c’ source file. (Bug 68697 / CVE-2015-1352)

A remote attacker could exploit these vulnerabilities to crash the affected application, denying service to legitimate users.

• An out-of-bounds read issue exists in the ‘GetCode_()’ function in ‘gd_gif_in.c’. This allows a remote attacker to disclose memory contents. (CVE-2014-9709)