15 matches found
K95375529: PHP vulnerabilities CVE-2013-7456, CVE-2016-4343, and CVE-2016-5093
Security Advisory Description CVE-2013-7456 gdinterpolation.c in the GD Graphics Library aka libgd before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impa...
SUSE CVE-2016-4343
The pharmakedirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service uninitialized pointer dereference or possibly have unspecified other impact via a crafted TAR archi...
php -- multiple vulnerabilities
The PHP Group reports: Core: Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. CVE-2016-5096 PHP 5.5/5.6 only Fixed bug 72135 Integer Overflow in phphtmlentities. CVE-2016-5094 PHP 5.5/5.6 only GD: Fixed bug 72227 imagescale out-of-bounds read. CVE-2013-7456 Intl: Fixed bu...
CVE-2016-4343
The pharmakedirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service uninitialized pointer dereference or possibly have unspecified other impact via a crafted TAR archi...
EUVD-2016-5343
The pharmakedirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service uninitialized pointer dereference or possibly have unspecified other impact via a crafted TAR archi...
CVE-2016-4343
Removed by vendor...
PHP 'phar_make_dirstream()' function denial of service vulnerability
PHP is an open source general-purpose computer scripting language. A security vulnerability in PHP's 'pharmakedirstream' function allows remote attackers to use the vulnerability to crash an application or execute arbitrary code...
PHP 7.0.x < 7.0.3 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.3. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...
Internet Bug Bounty: Uninitialized pointer in phar_make_dirstream()
https://bugs.php.net/bug.php?id=71331...
Amazon Linux AMI : php56 (ALAS-2015-601)
As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the...
Medium: php55
Issue Overview: As reported upstream https://bugs.php.net/bug.php?id=69720, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object...
PHP 5.5.x < 5.5.30 / 5.6.x < 5.6.14 Multiple Vulnerabilities
Binary data 8956.prm...
PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.14. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the phargetfpoffset function in ext/phar/util.c that is triggered when pointing to a...
PHP 5.5.x < 5.5.30 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.30. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in the phargetfpoffset function in ext/phar/util.c that is triggered when pointing to a...
Internet Bug Bounty: Uninitialized pointer in phar_make_dirstream
https://bugs.php.net/bug.php?id=70433...