GHSA-35WC-CVQG-78FP twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments

Description IntlExtension memoises every \IntlDateFormatter and \NumberFormatter it creates in instance-level arrays keyed on a hash that includes locale, pattern, attrs and other values that are ordinary named arguments of the formatdatetime / formatdate / formattime / formatnumber /...

SUSE CVE-2011-1467

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

The vulnerability in the ext/intl/msgformat/msgformat_format.c component of the PHP language interpreter allows a attacker to cause a service failure.

The vulnerability of the ext/intl/msgformat/msgformatformat.c component of the PHP language interpreter arises due to buffer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure by calling MessageFormatter::formatMessage...

php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used

The graphemestripos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...

PHP Memory Misreference Vulnerability

PHP is a widely used general purpose scripting language. A memory misreference vulnerability exists in the function Collator::sortWithSortKeys in ext/intl/collator/collatorsort.c in version 7.x of PHP prior to 7.0.1, which can be exploited by a remote attacker to cause a denial of service...

PHP 5.5.x < 5.5.14 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format CDF handling and the functions...

PHP 5.4.x < 5.4.30 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.30. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format CDF handling and the functions...

Fedora Update for php-symfony2-Locale FEDORA-2013-22422

Check for the Version of php-symfony2-Locale OpenVAS Vulnerability Test Fedora Update for php-symfony2-Locale FEDORA-2013-22422 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...

[SECURITY] Fedora 18 Update: php-symfony2-Locale-2.2.10-1.fc18

Locale component provides fallback code to handle cases when the intl exten sion is missing. Additionally it extends the implementation of a native Locale http://php.net/manual/en/class.locale.php class with several handy method s. Replacement for the following functions and classes is provided:...

USN-1126-1: PHP vulnerabilities

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. CVE-2011-0441 Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite...

CVE-2011-1467

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

Design/Logic Flaw

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

CVE-2011-1467

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

PHP 5.3.x Intl Extension - NumberFormatter::setSymbol() Denial of Service

PHP 5.3.x Intl Extension - NumberFormatter::setSymbol Denial of Service source: https://www.securityfocus.com/bid/46968/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension. Successful attacks will cause the application to crash, creating a...

PHP 5.3.x &#039;Intl&#039; Extension - &#039;NumberFormatter::setSymbol()&#039; Denial of Service

source: https://www.securityfocus.com/bid/46968/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension. Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-executio...

PHP 5.3.5 grapheme_extract&#40;&#41; NULL Pointer Dereference

PHP 5.3.5 graphemeextract NULL Pointer Dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 09.12.2010 - Pub.: 17.02.2011 CVE: CVE-2011-0420 CERT: VU210829 Affected Software: - PHP 5.3.5 Fixed: SVN Original URL:...

PHP 5.3.5 - grapheme_extract() Null Pointer Dereference

PHP 5.3.5 - graphemeextract Null Pointer Dereference Source: http://securityreason.com/securityalert/8087 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.5 graphemeextract NULL Pointer Dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.:...