rpm package
almalinux/php-pecl-rrd
pkg:rpm/almalinux/php-pecl-rrd
Vulnerabilities (73)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11050 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf | ||
| CVE-2019-11047 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf | ||
| CVE-2019-11045 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Dec 23, 2019 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all | ||
| CVE-2019-19246 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Nov 25, 2019 | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | ||
| CVE-2019-19203 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Nov 21, 2019 | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. | ||
| CVE-2019-19204 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Nov 21, 2019 | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. | ||
| CVE-2019-16163 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Sep 9, 2019 | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | ||
| CVE-2019-11042 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-11041 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-13224 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Jul 10, 2019 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string | ||
| CVE-2019-13225 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Jul 10, 2019 | A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | ||
| CVE-2019-11040 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Jun 18, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-11039 | — | < 2.0.1-1.module_el8.6.0+2750+78feabcb | 2.0.1-1.module_el8.6.0+2750+78feabcb | Jun 18, 2019 | Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. |
- CVE-2019-11050Dec 23, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf
- CVE-2019-11047Dec 23, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf
- CVE-2019-11045Dec 23, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all
- CVE-2019-19246Nov 25, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
- CVE-2019-19203Nov 21, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
- CVE-2019-19204Nov 21, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
- CVE-2019-16163Sep 9, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
- CVE-2019-11042Aug 9, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-11041Aug 9, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-13224Jul 10, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string
- CVE-2019-13225Jul 10, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
- CVE-2019-11040Jun 18, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-11039Jun 18, 2019affected < 2.0.1-1.module_el8.6.0+2750+78feabcbfixed 2.0.1-1.module_el8.6.0+2750+78feabcb
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
Page 4 of 4