28 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-5711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer...
K28464509: PHP vulnerability CVE-2018-7584
Security Advisory Description In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in...
EulerOS 2.0 SP8 : gd (EulerOS-SA-2019-2074)
According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below...
PHP 7.1.x < 7.1.31 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21 or 7.3.x prior to 7.3.8. It is, therefore, affected by the following vulnerabilities: - A heap-based buffer overflow condition exists on exifscanthumbnail. An attacker can...
CVE-2019-11038
When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...
Code injection
When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...
CVE-2019-11038 Uninitialized read in gdImageCreateFromXbm
When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...
CVE-2019-11038
CVE-2019-11038 affects the GD Graphics Library (LibGD) 2.2.5 as used in the PHP gd extension. The flaw arises in gdImageCreateFromXbm(), where input data can cause the function to use an uninitialized variable, potentially leaking contents from stack memory. Affected PHP branches are 7.1.x below ...
PHP 5.6.x < 5.6.40 Multiple vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc...
PHP 7.1.x < 7.1.0 Multiple Vulnerabilities.
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.0. It is, therefore, affected by the following vulnerabilities: - A stack consumption condition exists in the gdImageFillToBorder function of the gd.c script within the GD Graphics Library libgd. An...
PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37 or 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...
PHP 7.1.x < 7.1.9 Heap User After Free Vulnerability
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.23 or 7.1.x prior to 7.1.9, therefore, affected by a heap user after free vulnerability when unserializing invalid array size. Note that the scanner has not tested for these issues but has instead...
PHP 7.1.x < 7.1.15 Stack Buffer Overflow
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.15. It is, therefore, affected by a stack buffer overflow vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
PHP 7.1.x < 7.1.7 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the GD Graphics Library LibGD in the gdImageCreateFromGifCtx function within file gdgifin.c...
PHP 7.1.x < 7.1.2 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.2. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to...
PHP 7.1.x < 7.1.6 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.6. It is, therefore, affected by the following vulnerabilities : - A flaw exists in zendhashaddorupdatei within file main/phpini.c when handling a malformed php.ini file. An attacker can exploit thi...
PHP 7.1.x < 7.1.1 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.1. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that is triggered when handling unserialized object properties. An unauthenticated, remote attacker c...
CVE-2018-14884
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...
CVE-2018-14851
exifprocessIFDinMAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG file...
PHP 7.1.x < 7.1.13 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.13. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...