AVG-58

Package php
Status Fixed
Severity High
Type multiple issues
Affected 7.0.12-2
Fixed 7.0.13-1
Current 7.2.6-1 [extra]
Ticket None
Created Tue Nov 1 17:03:05 2016
Issue Severity Remote Type Description
CVE-2016-9934 Medium Yes Denial of service
It has been discovered that ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer...
CVE-2016-9933 Medium Yes Denial of service
A stack consumption vulnerability has been discovered in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used...
CVE-2016-9138 High Yes Arbitrary code execution
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to...
CVE-2016-8670 High Yes Arbitrary code execution
A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of...
CVE-2016-7568 High Yes Arbitrary code execution
An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the...
CVE-2016-7478 Medium Yes Denial of service
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a...
CVE-2016-6911 Medium Yes Denial of service
A vulnerability was found in gd as used in php. The function dynamicGetbuf() failed to check for out of bounds reads. An attacker could create a crafted...
Date Advisory Package Description
18 Nov 2016 ASA-201611-19 php multiple issues