VYPR

rpm package

suse/php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP1

pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Vulnerabilities (92)

  • CVE-2016-5399 | High | Apr 21, 2017
    affected < 5.5.14-73.1 | fixed 5.5.14-73.1

    The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

  • CVE-2016-10168 | High | Mar 15, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

  • CVE-2016-10167 | Medium | Mar 15, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

  • CVE-2016-10166 | Critical | Mar 15, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

  • CVE-2015-8994 | High | Mar 2, 2017
    affected < 5.5.14-99.1 | fixed 5.5.14-99.1

    An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vuln

  • CVE-2016-6911 | Medium | Jan 26, 2017
    affected < 5.5.14-83.1 | fixed 5.5.14-83.1

    The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

  • CVE-2016-10161 | High | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finis

  • CVE-2016-10160 | Critical | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

  • CVE-2016-10159 | High | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

  • CVE-2016-10158 | High | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable ne

  • CVE-2016-7478 | High | Jan 11, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

  • CVE-2016-9935 | Critical | Jan 4, 2017
    affected < 5.5.14-89.2 | fixed 5.5.14-89.2

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket

  • CVE-2016-9934 | High | Jan 4, 2017
    affected < 5.5.14-89.2 | fixed 5.5.14-89.2

    ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

  • CVE-2016-9933 | High | Jan 4, 2017
    affected < 5.5.14-89.2 | fixed 5.5.14-89.2

    Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefi

  • CVE-2016-9137 | Critical | Jan 4, 2017
    affected < 5.5.14-86.2 | fixed 5.5.14-86.2

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wa

  • CVE-2016-8670 | Critical | Jan 4, 2017
    affected < 5.5.14-83.1 | fixed 5.5.14-83.1

    Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspe

  • CVE-2016-7568 | Critical | Sep 28, 2016
    affected < 5.5.14-83.1 | fixed 5.5.14-83.1

    Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafte

  • CVE-2016-7418 | High | Sep 17, 2016
    affected < 5.5.14-78.1 | fixed 5.5.14-78.1

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wd

  • CVE-2016-7417 | Critical | Sep 17, 2016
    affected < 5.5.14-78.1 | fixed 5.5.14-78.1

    ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.

  • CVE-2016-7416 | High | Sep 17, 2016
    affected < 5.5.14-78.1 | fixed 5.5.14-78.1

    ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecifi

Page 1 of 5