rpm package

suse/php7&distro=SUSE Linux Enterprise Module for Web and Scripting 12

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012

Vulnerabilities (103)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-7133	Hig	8.1	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
CVE-2016-7132	Hig	7.5	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deseriali
CVE-2016-7131	Hig	7.5	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserial
CVE-2016-7130	Hig	7.5	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as d
CVE-2016-7129	Cri	9.8	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deser
CVE-2016-7128	Med	5.3	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2016-7127	Cri	9.8	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different sign
CVE-2016-7126	Cri	9.8	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have uns
CVE-2016-7125	Hig	7.5	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
CVE-2016-7124	Cri	9.8	< 7.0.7-15.1	7.0.7-15.1	Sep 12, 2016	ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (
CVE-2016-6207	Med	6.5	< 7.0.7-15.1	7.0.7-15.1	Aug 12, 2016	Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-6161	Med	6.5	< 7.0.7-15.1	7.0.7-15.1	Aug 12, 2016	The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CVE-2016-6128	Hig	7.5	< 7.0.7-15.1	7.0.7-15.1	Aug 7, 2016	The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2016-5766	Hig	8.8	< 7.0.7-50.9.2	7.0.7-50.9.2	Aug 7, 2016	Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio
CVE-2016-6297	Hig	8.8	< 7.0.7-15.1	7.0.7-15.1	Jul 25, 2016	Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafte
CVE-2016-6296	Cri	9.8	< 7.0.7-15.1	7.0.7-15.1	Jul 25, 2016	Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have u
CVE-2016-6295	Cri	9.8	< 7.0.7-15.1	7.0.7-15.1	Jul 25, 2016	ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unsp
CVE-2016-6294	Cri	9.8	< 7.0.7-49.1	7.0.7-49.1	Jul 25, 2016	The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (o
CVE-2016-6292	Med	6.5	< 7.0.7-15.1	7.0.7-15.1	Jul 25, 2016	The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
CVE-2016-6291	Cri	9.8	< 7.0.7-15.1	7.0.7-15.1	Jul 25, 2016	The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory,

CVE-2016-7133HigSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
CVE-2016-7132HigSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deseriali
CVE-2016-7131HigSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserial
CVE-2016-7130HigSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as d
CVE-2016-7129CriSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deser
CVE-2016-7128MedSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2016-7127CriSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different sign
CVE-2016-7126CriSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have uns
CVE-2016-7125HigSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
CVE-2016-7124CriSep 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (
CVE-2016-6207MedAug 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-6161MedAug 12, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CVE-2016-6128HigAug 7, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2016-5766HigAug 7, 2016
affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio
CVE-2016-6297HigJul 25, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafte
CVE-2016-6296CriJul 25, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have u
CVE-2016-6295CriJul 25, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unsp
CVE-2016-6294CriJul 25, 2016
affected < 7.0.7-49.1fixed 7.0.7-49.1
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (o
CVE-2016-6292MedJul 25, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
CVE-2016-6291CriJul 25, 2016
affected < 7.0.7-15.1fixed 7.0.7-15.1
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory,

Page 5 of 6