rpm package
almalinux/php-intl
pkg:rpm/almalinux/php-intl
Vulnerabilities (87)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7059 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Feb 10, 2020 | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or cr | ||
| CVE-2019-11050 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf | ||
| CVE-2019-11047 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf | ||
| CVE-2019-11045 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Dec 23, 2019 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all | ||
| CVE-2019-19246 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Nov 25, 2019 | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | ||
| CVE-2019-19203 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Nov 21, 2019 | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. | ||
| CVE-2019-19204 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Nov 21, 2019 | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. | ||
| CVE-2019-16163 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Sep 9, 2019 | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | ||
| CVE-2019-11042 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-11041 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-13224 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Jul 10, 2019 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string | ||
| CVE-2019-13225 | — | < 7.3.20-1.module_el8.5.0+152+112d3b8c | 7.3.20-1.module_el8.5.0+152+112d3b8c | Jul 10, 2019 | A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | ||
| CVE-2019-11040 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Jun 18, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-11039 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Jun 18, 2019 | Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. | ||
| CVE-2019-11036 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | May 3, 2019 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | ||
| CVE-2019-11035 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Apr 18, 2019 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. | ||
| CVE-2019-11034 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Apr 18, 2019 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | ||
| CVE-2019-9640 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Mar 8, 2019 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | ||
| CVE-2019-9639 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Mar 8, 2019 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | ||
| CVE-2019-9638 | — | < 7.2.24-1.module_el8.5.0+53+9945c2af | 7.2.24-1.module_el8.5.0+53+9945c2af | Mar 8, 2019 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. |
- CVE-2020-7059Feb 10, 2020affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or cr
- CVE-2019-11050Dec 23, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf
- CVE-2019-11047Dec 23, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf
- CVE-2019-11045Dec 23, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all
- CVE-2019-19246Nov 25, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
- CVE-2019-19203Nov 21, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
- CVE-2019-19204Nov 21, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
- CVE-2019-16163Sep 9, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
- CVE-2019-11042Aug 9, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-11041Aug 9, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-13224Jul 10, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string
- CVE-2019-13225Jul 10, 2019affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
- CVE-2019-11040Jun 18, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-11039Jun 18, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
- CVE-2019-11036May 3, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
- CVE-2019-11035Apr 18, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
- CVE-2019-11034Apr 18, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
- CVE-2019-9640Mar 8, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
- CVE-2019-9639Mar 8, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
- CVE-2019-9638Mar 8, 2019affected < 7.2.24-1.module_el8.5.0+53+9945c2affixed 7.2.24-1.module_el8.5.0+53+9945c2af
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
Page 4 of 5