CVE-2016-5766

Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly ha...

PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write

Exploit for php platform in category dos / poc ''' PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in its bzread' function: php-7.0.8/ext/bz2/bz2.c ,---- | 364 static PHPFUNCTIONbzread | 365 | ... | 382 ZSTRLENdata = phpstreamreadstream, ZSTRVALdata, ZSTRLENdata; | 383...

CVE-2016-5385

Removed by vendor...

CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

Internet Bug Bounty: NULL Pointer Dereference at _gdScaleVert

Upstream bug reports https://bugs.php.net/bug.php?id=72407 Reported to PHP 2016-06-15 Patch: http://git.php.net/?p=php-src.git;a=commit;h=b9ec171e7d25879d97473ca50197c4207420c276 Fixed for PHP 5.5.37 security only mode http://php.net/ChangeLog-5.php5.5.37 Fixed for PHP 5.6.23...

Internet Bug Bounty: CVE-2015-8874 Stack overflow with imagefilltoborder

Reported in 2014 https://bugs.php.net/bug.php?id=66387 A variation was rediscovered this year and reported to PHP and LIBGD: https://bugs.php.net/bug.php?id=72350 https://github.com/libgd/libgd/issues/215 Patches for both issues:...