CLSA-2026-1777540774 php: Fix of 4 CVEs

CVE-2018-14883: fix integer overflow leading to heap buffer overflow in exifthumbnailextract - CVE-2019-19246: fix heap buffer overflow in oniguruma strlowercasematch - CVE-2018-19518: disable imap rsh/ssh by default to prevent argument injection imap.enableinsecurersh INI added - CVE-2018-20783:...

php: Fix of 5 CVEs

CVE-2019-9023: mbstring oniguruma: fix heap overflow in utf32bembctocode and related mbctocode encoders bug 77418; completes CVE-2019-9023 coverage alongside existing php-5.3.29-bug773707737177381773827738577394.patch - CVE-2019-11034: exif: fix heap-buffer-overflow in phpifdget32s bug 77753 -...

MiracleLinux 9 : gstreamer1-plugins-bad-free-1.22.12-3.el9, gstreamer1-plugins-ugly-free-1.22.12-3.el9, gstreamer1-rtsp-server-1.22.12-3.el9, gstreamer1-1.22.12-3.el9 (AXSA:2025-10412:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10412:01 advisory. gstreamer: EXIF Metadata Parsing Integer Overflow CVE-2024-4453 gstreamer: AV1 Video Parsing Stack-based Buffer Overflow CVE-2024-0444 Tenable has...

TencentOS Server 3: gstreamer1-plugins-base (TSSA-2024:0900)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0900 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RLSA-2025:7178 Moderate: gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server security update

The gstreamer1 packages contain a streaming media framework, based on graphs of filters which operate on media data. Security Fixes: gstreamer: EXIF Metadata Parsing Integer Overflow CVE-2024-4453 gstreamer: AV1 Video Parsing Stack-based Buffer Overflow CVE-2024-0444 For more details about the...

RockyLinux 9 : gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server (RLSA-2025:7178)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7178 advisory. gstreamer: EXIF Metadata Parsing Integer Overflow CVE-2024-4453 gstreamer: AV1 Video Parsing Stack-based Buffer Overflow CVE-2024-0444 Tenable has...

SUSE CVE-2005-1042

Integer overflow in the exifprocessIFDTAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count...

SUSE CVE-2007-6353

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow...

SUSE CVE-2018-17088

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is...

jhead 'process_EXIF' Function Integer Overflow Vulnerability Vulnerability

jhead is a tool for modifying JPEG file information. An integer overflow vulnerability exists in the 'processEXIF' function of the exif.c file in jhead version 3.00. A remote attacker can exploit this vulnerability to cause a denial of service with a malicious JPEG file...

php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

Integer overflow in the exifprocessIFDTAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offsetval value in an EXIF header in a JPEG file, a...