Fedora 25 : php (2016-03518b366b)

18 Aug 2016 PHP 7.0.10 Core: - Fixed bug php72629 Caught exception assignment to variables ignores references. Laruence - Fixed bug php72594 Calling an earlier instance of an included anonymous class fatals. Laruence - Fixed bug php72581 previous property undefined in Exception after...

Internet Bug Bounty: PHP Integer Overflow in gdImageWebpCtx

PHP Integer Overflow in gdImageWebpCtx 1. Affected Version + PHP 7.0.10 2. Credit This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. 3. Testing Environments + OS: Ubuntu + PHP: 7.0.10 + Compiler: Clang + CFLAGS: -g -O0 -fsanitize=address 4. PoC 5. Vulnerability Details...

Internet Bug Bounty: wddx_deserialize null dereference in php_wddx_pop_element

Upstream Bug --- https://bugs.php.net/bug.php?id=72799 Summary -- If we add an element to boolean leaf of XML struct, a null pointer dereference will happen when the element is popped. Source code: https://github.com/php/php-src/blob/PHP-5.6.24/ext/wddx/wddx.cL985 static void phpwddxpopelementvoi...

Internet Bug Bounty: imagegammacorrect allows arbitrary write access

Upstream Bug --- 2016-08-02 03:46 UTC https://bugs.php.net/bug.php?id=72730 Summary -- imagegammacorrect accepts two gamma values, if they don't have the same sign then the palette colors will be assigned values bigger than 0xFF, later this values are used to calculate the transparent color using...