CVE-2017-7890

A data leak was found in gdImageCreateFromGifCtx in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack...

Internet Bug Bounty: PHP WDDX Deserialization Heap OOB Read in timelib_meridian()

Description: While deserializing an invalid dateTime value, wddxdeserialize would result in a heap out-of-bounds read in timelibmeridian. As wddxdeserialize is exposed to network data, and sometimes echo the results back to client, this issue could potentially allow remote peeking of the process...