85 matches found
Internet Bug Bounty: integer overflow in bzdecompress caused heap corruption
Please check: https://bugs.php.net/bug.php?id=72837...
Internet Bug Bounty: integer overflow in curl_escape caused heap corruption
Please check: https://bugs.php.net/bug.php?id=72807...
gd -- multiple vulnerabilities
Pierre Joye reports: fix php bug 72339, Integer Overflow in gd2GetHeader (CVE-2016-5766); gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132); Integer overflow error within gdContributionsAlloc (CVE-2016-6207); fix php bug 72494, invalid color index not handled, can lead to crash...
Internet Bug Bounty: Incorrect casting from size_t to int led to heap overflow in mcrypt_generic
https://bugs.php.net/bug.php?id=72551&edit=2...
Internet Bug Bounty: Use After Free/Double Free in Garbage Collection
https://bugs.php.net/bug.php?id=72605 I don't know if the bug is qualified. I reported this bug since php some guys added this commit: https://github.com/php/php-src/commit/1c84b55adea936b065a20102202bea3d1d243225 Then they had reverted this commit before PHP updates release:...
Internet Bug Bounty: Stack-based buffer overflow vulnerability in virtual_file_ex
https://bugs.php.net/bug.php?id=72513...
Internet Bug Bounty: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://bugs.php.net/bug.php?id=72446...
Internet Bug Bounty: Integer Overflow/Heap Overflow in json_encode()/json_decode()
https://bugs.php.net/bug.php?id=72275...
Internet Bug Bounty: Out-of-bounds reads in zif_grapheme_stripos with negative offset
https://bugs.php.net/bug.php?id=72061 grapheme_stripos from the intl extension had a security issue when handling negative offsets; this allowed reading from arbitrary memory locations. Reported to developers on 2016-04-24, fixed 2016-04-29 and released on 2016-04-28, affected PHP 5.5, 5.6 and 7...
Internet Bug Bounty: Null pointer deref (segfault) in stream_context_get_default
Similar to https://hackerone.com/reports/104006 and https://hackerone.com/reports/104005. https://bugs.php.net/bug.php?id=71884...
Internet Bug Bounty: Use-After-Free / Double-Free in WDDX Deserialize
https://bugs.php.net/bug.php?id=71587...
Internet Bug Bounty: Out-of-Bound Read in phar_parse_zipfile()
https://bugs.php.net/bug.php?id=71498...
Internet Bug Bounty: Stack overflow when decompressing tar archives
https://bugs.php.net/bug.php?id=71488...
Internet Bug Bounty: Null pointer deref with ob_start with get_defined_vars
https://bugs.php.net/bug.php?id=71221...
Internet Bug Bounty: Null pointer deref with ob_start with compact
https://bugs.php.net/bug.php?id=71220...
Internet Bug Bounty: Heap corruption in tar/zip/phar parser
https://bugs.php.net/bug.php?id=71354&edit=2...
Internet Bug Bounty: Uninitialized pointer in phar_make_dirstream()
https://bugs.php.net/bug.php?id=71331...
Internet Bug Bounty: Session WDDX Packet Deserialization Type Confusion Vulnerability
https://bugs.php.net/bug.php?id=70741...
Internet Bug Bounty: AddressSanitizer reports a global buffer overflow in mkgmtime() function
https://bugs.php.net/bug.php?id=68027...
Internet Bug Bounty: Uninitialized pointer in phar_make_dirstream
https://bugs.php.net/bug.php?id=70433...