Search CVE reports
41 – 50 of 50 results
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
5 affected packages
php-imap, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php-imap | — | — | — | Not in release |
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Fixed |
php7.3 | — | — | — | Not in release |
Some fixes available 9 of 10
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function...
6 affected packages
php-imap, php5, php7.0, php7.2, php7.3, uw-imap
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php-imap | — | Not in release | Not in release | Not in release |
php5 | — | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release |
php7.2 | — | Not in release | Not in release | Fixed |
php7.3 | — | Not in release | Not in release | Not in release |
uw-imap | — | Not affected | Not affected | Fixed |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libgd2 | — | — | — | Fixed |
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Not affected |
php7.3 | — | — | — | Not in release |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libgd2 | — | — | — | Fixed |
php5 | — | — | — | Not in release |
php7.0 | — | — | — | Not in release |
php7.2 | — | — | — | Not affected |
php7.3 | — | — | — | Not in release |
Some fixes available 15 of 26
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
6 affected packages
libgd2, php5, php7.0, php7.2, doxygen, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libgd2 | Fixed | Fixed | Fixed | Fixed |
php5 | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release |
php7.2 | Not in release | Not in release | Not in release | Not affected |
doxygen | Vulnerable | Vulnerable | Vulnerable | Not affected |
php7.3 | Not in release | Not in release | Not in release | Not in release |
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...
7 affected packages
php5, php7.4, php8.0, php8.1, php7.0...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release |
php7.4 | Not in release | Not in release | Vulnerable | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Vulnerable | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release |
php7.2 | Not in release | Not in release | Not in release | Vulnerable |
php7.3 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 4 of 6
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats...
6 affected packages
libgd2, php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libgd2 | Not affected | Not affected | Fixed | Fixed |
php5 | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release |
php7.2 | Not in release | Not in release | Not in release | Not affected |
php7.3 | Not in release | Not in release | Not in release | Not in release |
php7.4 | Not in release | Not in release | Not affected | Not in release |
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec,...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | — | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release |
php7.2 | — | Not in release | Not in release | Fixed |
php7.3 | — | Not in release | Not in release | Not in release |