2 matches found
Internet Bug Bounty: Uninitialized read in gdImageCreateFromXbm
This bug is present in the gdImageCreateFromXbm function in ext/gd/libgd/gdxbm.c. The function contains the following lines: ... unsigned int b; ... sscanf(h, "%x", &b); for (bit = 1; bit <= max_bit; bit = bit << 1) gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0); ... So when sscanf method is not able to rea...
PHP 7.1.x < 7.1.29 Heap-based Buffer Overflow Vulnerability.
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.29. It is, therefore, affected by a heap-based buffer over-read condition within estrndup of the exif_process_IFD_TAG in the exif.c script. An unauthenticated, remote attacker can exploit this to caus...