VYPR

rpm package

suse/php7&distro=SUSE Linux Enterprise Software Development Kit 12 SP1

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Vulnerabilities (52)

  • CVE-2016-9138CriJan 4, 2017
    affected < 7.0.7-35.1fixed 7.0.7-35.1

    PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with D

  • CVE-2016-9137CriJan 4, 2017
    affected < 7.0.7-25.1fixed 7.0.7-25.1

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wa

  • CVE-2016-8670CriJan 4, 2017
    affected < 7.0.7-20.1fixed 7.0.7-20.1

    Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspe

  • CVE-2016-7568CriSep 28, 2016
    affected < 7.0.7-20.1fixed 7.0.7-20.1

    Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafte

  • CVE-2016-7418HigSep 17, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wd

  • CVE-2016-7417CriSep 17, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.

  • CVE-2016-7416HigSep 17, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecifi

  • CVE-2016-7414CriSep 17, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impa

  • CVE-2016-7413CriSep 17, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a r

  • CVE-2016-7412HigSep 17, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via cra

  • CVE-2016-7134CriSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandl

  • CVE-2016-7133HigSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.

  • CVE-2016-7132HigSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deseriali

  • CVE-2016-7131HigSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserial

  • CVE-2016-7130HigSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as d

  • CVE-2016-7129CriSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deser

  • CVE-2016-7128MedSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

  • CVE-2016-7127CriSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different sign

  • CVE-2016-7126CriSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have uns

  • CVE-2016-7125HigSep 12, 2016
    affected < 7.0.7-15.1fixed 7.0.7-15.1

    ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.