VYPR

rpm package

almalinux/php-pdo

pkg:rpm/almalinux/php-pdo

Vulnerabilities (87)

  • CVE-2020-7059Feb 10, 2020
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or cr

  • CVE-2019-11050Dec 23, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf

  • CVE-2019-11047Dec 23, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf

  • CVE-2019-11045Dec 23, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all

  • CVE-2019-19246Nov 25, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

  • CVE-2019-19203Nov 21, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

  • CVE-2019-19204Nov 21, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.

  • CVE-2019-16163Sep 9, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

  • CVE-2019-11042Aug 9, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11041Aug 9, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-13224Jul 10, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string

  • CVE-2019-13225Jul 10, 2019
    affected < 7.3.20-1.module_el8.5.0+152+112d3b8cfixed 7.3.20-1.module_el8.5.0+152+112d3b8c

    A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

  • CVE-2019-11040Jun 18, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11039Jun 18, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

  • CVE-2019-11036May 3, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

  • CVE-2019-11035Apr 18, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.

  • CVE-2019-11034Apr 18, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

  • CVE-2019-9640Mar 8, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

  • CVE-2019-9639Mar 8, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

  • CVE-2019-9638Mar 8, 2019
    affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223

    An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

Page 4 of 5