Search CVE reports
11 – 20 of 50 results
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an...
4 affected packages
php7.2, php5, php7.0, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php7.2 | — | — | — | Fixed |
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.3 | — | — | — | Not in release |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
4 affected packages
php7.0, php5, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php7.0 | — | — | — | Not in release |
php5 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the...
4 affected packages
php7.3, php7.2, php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php7.3 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which...
4 affected packages
php7.2, php7.3, php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php7.2 | — | — | — | Not affected |
php7.3 | — | — | — | Not in release |
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |