CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

Fedora 28 : php (2019-a6511b0eed)

PHP version 7.2.14 10 Jan 2019 Core: - Fixed bug php77369 memcpy with negative length via crafted DNS response. Stas - Fixed bug php71041 zendsignalstartup needs ZENDAPI. Valentin V. Bartenev - Fixed bug php76046 PHP generates 'FEFREE' opcode on the wrong line. Nikita Date: - Fixed bug php77097...

Internet Bug Bounty: Use after free and out of bounds read in xmlrpc_decode()

Malformed input can lead to use after free and out of bounds memory errors. This has been fixed with the latest updates of PHP 7.1.26/7.2.14/7.3.1. Note: I reported those as separate bugs to PHP, but they had the same underlying bug and were fixed by the same commit. The release notes only mentio...