Search CVE reports


Toggle filters

41 – 50 of 50 results


CVE-2019-11036

Low priority
Fixed

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2018-20783

Low priority
Fixed

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2018-19935

Medium priority
Fixed

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

5 affected packages

php-imap, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php-imap Not in release
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2018-19518

Medium priority

Some fixes available 9 of 10

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function...

6 affected packages

php-imap, php5, php7.0, php7.2, php7.3, uw-imap

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php-imap Not in release Not in release Not in release
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.3 Not in release Not in release Not in release
uw-imap Not affected Not affected Fixed
Show less packages

CVE-2018-15879

Medium priority
Fixed

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed
php5 Not in release
php7.0 Not in release
php7.2 Not affected
php7.3 Not in release
Show less packages

CVE-2018-15878

Medium priority
Fixed

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed
php5 Not in release
php7.0 Not in release
php7.2 Not affected
php7.3 Not in release
Show less packages

CVE-2018-14553

Low priority

Some fixes available 15 of 26

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

6 affected packages

libgd2, php5, php7.0, php7.2, doxygen, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Not affected
doxygen Vulnerable Vulnerable Vulnerable Not affected
php7.3 Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-7189

Low priority
Vulnerable

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...

7 affected packages

php5, php7.4, php8.0, php8.1, php7.0...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Vulnerable Not in release
php8.0 Not in release Not in release Not in release Not in release
php8.1 Not in release Vulnerable Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Vulnerable
php7.3 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2017-6363

Low priority

Some fixes available 4 of 6

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats...

6 affected packages

libgd2, php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Not affected Not affected Fixed Fixed
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Not affected
php7.3 Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Not affected Not in release
Show less packages

CVE-2015-9253

Low priority
Fixed

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec,...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.3 Not in release Not in release Not in release
Show less packages