VYPR

rpm package

almalinux/php-pecl-xdebug

pkg:rpm/almalinux/php-pecl-xdebug

Vulnerabilities (65)

  • CVE-2019-11041Aug 9, 2019
    affected < 2.8.0-1.module_el8.5.0+152+112d3b8cfixed 2.8.0-1.module_el8.5.0+152+112d3b8c

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-13224Jul 10, 2019
    affected < 2.8.0-1.module_el8.5.0+152+112d3b8cfixed 2.8.0-1.module_el8.5.0+152+112d3b8c

    A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string

  • CVE-2019-13225Jul 10, 2019
    affected < 2.8.0-1.module_el8.5.0+152+112d3b8cfixed 2.8.0-1.module_el8.5.0+152+112d3b8c

    A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

  • CVE-2019-11040Jun 18, 2019
    affected < 2.8.0-1.module_el8.5.0+152+112d3b8cfixed 2.8.0-1.module_el8.5.0+152+112d3b8c

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11039Jun 18, 2019
    affected < 2.8.0-1.module_el8.5.0+152+112d3b8cfixed 2.8.0-1.module_el8.5.0+152+112d3b8c

    Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

Page 4 of 4