USN-7953-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled memory while reading images in multi-chunk mode. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. CVE-2025-14177 It was discovered that PHP incorrectl...

USN-7953-1 php7.2, php7.4, php8.1, php8.3, php8.4 vulnerabilities

It was discovered that PHP incorrectly handled memory while reading images in multi-chunk mode. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. CVE-2025-14177 It was discovered that PHP incorrectl...

Medium: php

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

SUSE CVE-2019-11048

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleanin...

CLSA-2022-1658171795 Fixed CVE-2022-31625 in php

CVE-2022-31625: fix free of uninitialized memory leading to RCE...

UBUNTU-CVE-2019-11048

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleanin...

PHP memory misreference vulnerability (CNVD-2018-24270)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in th...

php: Use after free in WDDX Deserialize when processing XML data

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact by triggering a wddxdeserialize call on XML data...

vBulletin Cyb - Advanced Forum Statistics Denial Of Service

Exploit Title: vBulletin "Cyb - Advanced Forum Statistics" DOS Date: 10-4-2010 Author: Andhra Hackers Software Link: Version: Web Application Tested on: Apcahe/Unix CVE : if exists Code : PHP crashes existed from a long time back and there were several issues which were a reason for that. 1PHP pa...

security flaw

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memorylimit restriction...

PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit

Exploit for linux platform in category remote exploits ================================================== PHP = 4.3.7/ 5.0.0RC3 memorylimit Remote Exploit ================================================== / Remote exploit for the php memorylimit vulnerability found by Stefan Esser in php 4 = 4.3...

FreeBSD : php -- php_variables memory disclosure (145)

The following package needs to be updated: modphp4-twig %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgad74a1bd16d211d9bc4a000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure

The remote host is running a version of PHP that is older than 5.0.2 or 4.39. The remote version of this software is affected by a memory disclosure vulnerability in PHPVariables. An attacker may exploit this flaw to remotely read portions of the memory of the httpd process on the remote host...

PHP memory corruption

Invalid exceptional conditions handling allows memory corruption leading to code execution...

php -- memory_limit related vulnerability

Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memorylimit facility is used to notify functions when memory contraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as...

@&#40;#&#41;Mordred Labs advisory - Integer overflow in PHP memory allocator

//@ Mordred Security Labs advisory Release date: March 26, 2003 Name: Integer overflow in PHP memory allocator Versions affected: 4.3.2 Risk: very high Author: Sir Mordred [email protected], http://mslabs.iwebland.com I. Description: PHP is a widely-used general-purpose scripting language that i...