php

Description: A general-purpose scripting language that is especially suited to web development

Version: 7.2.2-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-152 | 7.0.9-1 | 7.0.10-1 | High | Fixed | |
| AVG-105 | 7.0.13-1 | 7.1.1-0 | High | Fixed | |
| AVG-58 | 7.0.12-2 | 7.0.13-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-5340 | AVG-105 | High | Yes | Arbitrary code execution | It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized... |
| CVE-2016-9936 | AVG-105 | High | Yes | Arbitrary code execution | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or... |
| CVE-2016-9935 | AVG-105 | Medium | Yes | Denial of service | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service... |
| CVE-2016-9934 | AVG-58 | Medium | Yes | Denial of service | It has been discovered that ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer... |
| CVE-2016-9933 | AVG-58 | Medium | Yes | Denial of service | A stack consumption vulnerability has been discovered in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used... |
| CVE-2016-9138 | AVG-58 | High | Yes | Arbitrary code execution | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to... |
| CVE-2016-8670 | AVG-58 | High | Yes | Arbitrary code execution | A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of... |
| CVE-2016-7568 | AVG-58 | High | Yes | Arbitrary code execution | An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the... |
| CVE-2016-7478 | AVG-58 | Medium | Yes | Denial of service | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a... |
| CVE-2016-7125 | AVG-152 | High | Yes | Access restriction bypass | It has been discovered that ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect... |
| CVE-2016-6911 | AVG-58 | Medium | Yes | Denial of service | A vulnerability was found in gd as used in php. The function dynamicGetbuf() failed to check for out of bounds reads. An attacker could create a crafted... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 19 Jan 2017 | ASA-201701-28 | AVG-105 | High | multiple issues |
| 18 Nov 2016 | ASA-201611-19 | AVG-58 | High | multiple issues |