118 matches found
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2270-1)
This update for php72 fixes the following issues : Security issues fixed : CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment (bsc#1145095). Note that Tenable Network Security has extracted the preceding...
Fedora 30 : php (2019-1d78e14cfd)
PHP version 7.3.4 (04 April 2019) Core: - Fixed bug php77738 (Nullptr deref in zend_compile_expr). (Laruence) - Fixed bug php77660 (Segmentation fault on break 2147483648). (Laruence) - Fixed bug php77652 (Anonymous classes can lose their interface information). (Nikita) - Fixed bug php77345 (Stack Overflow cause...
PHP 5.6.x < 5.6.21 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.21. It is, therefore, affected by multiple vulnerabilities : - A signedness error exists in the GD Graphics library within file gd_gd2.c due to improper validation of user-supplied input when handlin...
openSUSE Security Update : php7 (openSUSE-2018-708)
This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free in exif_read_from_file because it closed a stream that it is not responsible for closing (bsc#1099098). This update was imported from the SUSE:SLE-12:Update update project...
CVE-2016-6871
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow...
Integer overflow
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow...
UBUNTU-CVE-2016-6871
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow...
CVE-2016-6871
CVE-2016-6871: Integer overflow in Bcmath within Facebook HHVM before 3.15.0 can trigger a buffer overflow via unknown vectors, with unspecified impact. Affected product: Facebook HHVM (HipHop VM). Practical impact is described as overflow-related, but the exact exploit scenarios are not detailed...
php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call...
php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibl...
Fedora 23 : php (2016-0729e59542)
13 Oct 2016 - PHP version 5.6.27 Core: - Fixed bug php73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) - Fixed bug php73058 (crypt broken when salt is 'too' long). (Anatol) - Fixed bug php72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol) - Fixed...
PHP 7.0.x < 7.0.12 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...
PHP 5.6.x < 5.6.27 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...
PHP local heap overflow vulnerability threat-vulnerability warning-the black bar safety net
Fernando of the NULL-LIFE team reported a local heap overflow vulnerability in PHP's "bcmath.c" library to the PHP project. The NSFOCUS security team found that the www.securityfocus.com website has updated its entry for multiple local heap overflow vulnerabilities in PHP "bcmath.c", which relates to the CVE number: CVE-2016-4537 an...
The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.
The vulnerability in the bcpowmod function in ext/bcmath/bcmath.c of the PHP interpreter exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures or potentially have other adverse effects through specially crafted call...
CVE-2016-4538
CVE-2016-4538 (PHP): The bcpowmod function in ext/bcmath/bcmath.c can modify internal data structures by not accounting for whether they are copies of the zero, one, or two globals. A crafted call can cause denial of service or potentially other impacts. Affected: PHP versions before 5.5.35, 5...
Fedora 24 : php-5.6.21-1.fc24 (2016-f4e73663f4)
28 Apr 2016, PHP 5.6.21 Core: Fixed bug 69537 (__debugInfo with empty string for key gives error). (krakjoe) Fixed bug 71841 (EG(error_zval) is not handled well). (Laruence) BCmath: Fixed bug 72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas) Curl: Fixed bug 71831 (CURLOPT_NOPROXY applied a...
UBUNTU-CVE-2016-4537
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call...
UBUNTU-CVE-2016-4538
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibl...