rpm package

opensuse/php7&distro=openSUSE Leap 15.0

pkg:rpm/opensuse/php7&distro=openSUSE%20Leap%2015.0

Vulnerabilities (21)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2019-11043	—	KEV	< 7.2.5-lp150.2.29.2	7.2.5-lp150.2.29.2	Oct 28, 2019	In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code exec
CVE-2019-11042	—		< 7.2.5-lp150.2.25.1	7.2.5-lp150.2.25.1	Aug 9, 2019	When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
CVE-2019-11041	—		< 7.2.5-lp150.2.25.1	7.2.5-lp150.2.25.1	Aug 9, 2019	When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
CVE-2019-11040	—		< 7.2.5-lp151.6.6.1	7.2.5-lp151.6.6.1	Jun 18, 2019	When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
CVE-2019-11039	—		< 7.2.5-lp151.6.6.1	7.2.5-lp151.6.6.1	Jun 18, 2019	Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
CVE-2019-11036	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	May 3, 2019	When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11035	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Apr 18, 2019	When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-11034	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Apr 18, 2019	When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-9675	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Mar 11, 2019	An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot
CVE-2019-9641	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Mar 8, 2019	An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9640	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Mar 8, 2019	An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Mar 8, 2019	An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Mar 8, 2019	An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9637	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Mar 8, 2019	An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unau
CVE-2019-9024	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Feb 22, 2019	An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
CVE-2019-9023	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Feb 22, 2019	An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr
CVE-2019-9022	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Feb 22, 2019	An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi
CVE-2019-9021	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Feb 22, 2019	An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi
CVE-2019-9020	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Feb 22, 2019	An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in
CVE-2018-20783	—		< 7.2.5-lp150.2.19.1	7.2.5-lp150.2.19.1	Feb 21, 2019	In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_

CVE-2019-11043KEVOct 28, 2019
affected < 7.2.5-lp150.2.29.2fixed 7.2.5-lp150.2.29.2
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code exec
CVE-2019-11042Aug 9, 2019
affected < 7.2.5-lp150.2.25.1fixed 7.2.5-lp150.2.25.1
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
CVE-2019-11041Aug 9, 2019
affected < 7.2.5-lp150.2.25.1fixed 7.2.5-lp150.2.25.1
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
CVE-2019-11040Jun 18, 2019
affected < 7.2.5-lp151.6.6.1fixed 7.2.5-lp151.6.6.1
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
CVE-2019-11039Jun 18, 2019
affected < 7.2.5-lp151.6.6.1fixed 7.2.5-lp151.6.6.1
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
CVE-2019-11036May 3, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11035Apr 18, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-11034Apr 18, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-9675Mar 11, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot
CVE-2019-9641Mar 8, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9640Mar 8, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639Mar 8, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638Mar 8, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9637Mar 8, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unau
CVE-2019-9024Feb 22, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
CVE-2019-9023Feb 22, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr
CVE-2019-9022Feb 22, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi
CVE-2019-9021Feb 22, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi
CVE-2019-9020Feb 22, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in
CVE-2018-20783Feb 21, 2019
affected < 7.2.5-lp150.2.19.1fixed 7.2.5-lp150.2.19.1
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_

Page 1 of 2