Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Php
(Php)Repositories |
• https://github.com/php/php-src
• https://github.com/file/file • https://github.com/kkos/oniguruma • https://github.com/libgd/libgd • https://github.com/mysql/mysql-server |
#Vulnerabilities | 688 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2011-03-20 | CVE-2011-1471 | Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. | Php | N/A | ||
2014-06-01 | CVE-2014-0237 | The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. | Debian_linux, Php | N/A | ||
2014-07-03 | CVE-2014-3538 | file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. | File, Debian_linux, Php | N/A | ||
2014-07-06 | CVE-2014-4721 | The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting... | Debian_linux, Php | N/A | ||
2014-07-10 | CVE-2014-4698 | Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. | Php | N/A | ||
2020-01-14 | CVE-2015-2326 | The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | Mariadb, Opensuse, Pcre, Php | 5.5 | ||
2015-03-30 | CVE-2014-9709 | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. | Ubuntu_linux, Debian_linux, Libgd, Opensuse, Php | N/A | ||
2007-05-16 | CVE-2007-2727 | The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. | Php | N/A | ||
2014-02-18 | CVE-2014-1943 | Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | Ubuntu_linux, Debian_linux, Fine_free_file, Php | N/A | ||
2014-03-24 | CVE-2013-7345 | The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. | File, Debian_linux, Php | N/A |