710 matches found
EUVD-2016-6706
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...
[SECURITY] Fedora 23 Update: php-5.6.24-1.fc23
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
PHP exif_process_user_comment Denial of Service Vulnerability
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A denial of service vulnerability exists in the exif_process_user_comment function in ext/exif/exif.c in versions prior to PHP 5.5.38, 5.6.x prior to 5.6.24, and 7.x...
PHP ext/session/session.c Denial of Service Vulnerability
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A denial of service vulnerability exists in PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 in which the ext/session/session.c...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
The vulnerability in the gdImageCreateFromXpm function in gdxpm.c of the libgd library for PHP allows malicious actors to trigger a denial-of-service attack by using a specially crafted color table in the XPM file. This enables them to cause the application to abort by dereferencing a null pointer...
PHP 'mcrypt_generic' function integer overflow vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. An integer overflow vulnerability exists in PHP's mcrypt_generic function, which can be exploited by an attacker to cause a heap buffer overflow...
PHP 'gdImagePaletteToTrueColor()' function integer overflow vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. An integer overflow vulnerability exists in PHP's gdImagePaletteToTrueColor function, which can be exploited by an attacker to cause a heap buff...
The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure
The vulnerability of the gdImageScaleTwoPass function in the gd_interpolation.c file in the GD Graphics Library’s PHP interpreter is related to the use of non-uniform definitions and memory release mechanisms. Exploiting this vulnerability could allow a remote attacker to trigger a service failure...
The vulnerability of the PHP interpreter allows a hacker to gain access to read files.
The vulnerability of the PHP interpreter lies in the lack of checks for the sequence “%00” in the path name. Exploiting this vulnerability allows an attacker, operating remotely, to read arbitrary files using specially crafted input data for the application that calls the function...
UBUNTU-CVE-2016-5093
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other...
UBUNTU-CVE-2016-5095
Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS...
UBUNTU-CVE-2016-5116
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...
UBUNTU-CVE-2016-5096
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument...
PHP out-of-bounds read vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, C and C++ program extensions, and so on. An...
PHP out-of-bounds read vulnerability (CNVD-2016-03663)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, C and C++ program extensions, and so on. An...
PHP Denial of Service Vulnerability (CNVD-2016-03648)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in PHP's Zend/zend_exceptions.c file. A remote attacker could exploit this...
PHP Denial of Service Vulnerability (CNVD-2016-03580)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, C and C++ program extensions, and so on. A...
PHP GD Graphics Library Denial of Service Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, C and C++ program extensions, etc...
UBUNTU-CVE-2016-4345
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow...
UBUNTU-CVE-2016-4344
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow...