Search CVE reports
111 – 120 of 259 results
Some fixes available 15 of 26
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
6 affected packages
libgd2, php5, php7.0, php7.2, doxygen, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | Fixed | Fixed | Fixed | Fixed |
| php5 | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release |
| php7.2 | Not in release | Not in release | Not in release | Not affected |
| doxygen | Vulnerable | Vulnerable | Vulnerable | Not affected |
| php7.3 | Not in release | Not in release | Not in release | Not in release |
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is...
4 affected packages
php7.2, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.2 | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl...
4 affected packages
php7.0, php7.1, php5, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
| php5 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double...
4 affected packages
libgd2, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
Some fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
Some fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...
4 affected packages
php7.1, libonig, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.1 | — | — | — | Not in release |
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |