rpm package

suse/php7&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Vulnerabilities (42)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-10168	Hig	7.8	< 7.0.7-35.1	7.0.7-35.1	Mar 15, 2017	Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10167	Med	5.5	< 7.0.7-35.1	7.0.7-35.1	Mar 15, 2017	The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10166	Cri	9.8	< 7.0.7-35.1	7.0.7-35.1	Mar 15, 2017	Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVE-2015-8994	Hig	7.5	< 7.0.7-38.1	7.0.7-38.1	Mar 2, 2017	An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vuln
CVE-2016-10162	Hig	7.5	< 7.0.7-35.1	7.0.7-35.1	Jan 24, 2017	The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mis
CVE-2016-10161	Hig	7.5	< 7.0.7-35.1	7.0.7-35.1	Jan 24, 2017	The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finis
CVE-2016-10160	Cri	9.8	< 7.0.7-35.1	7.0.7-35.1	Jan 24, 2017	Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-10159	Hig	7.5	< 7.0.7-35.1	7.0.7-35.1	Jan 24, 2017	Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
CVE-2016-10158	Hig	7.5	< 7.0.7-35.1	7.0.7-35.1	Jan 24, 2017	The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable ne
CVE-2016-7479	Cri	9.8	< 7.0.7-35.1	7.0.7-35.1	Jan 12, 2017	In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
CVE-2016-7480	Cri	9.8	< 7.0.7-35.1	7.0.7-35.1	Jan 11, 2017	The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVE-2017-5340	Cri	9.8	< 7.0.7-35.1	7.0.7-35.1	Jan 11, 2017	Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary de
CVE-2016-7478	Hig	7.5	< 7.0.7-35.1	7.0.7-35.1	Jan 11, 2017	Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CVE-2016-9936	Cri	9.8	< 7.0.7-28.2	7.0.7-28.2	Jan 4, 2017	The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix
CVE-2016-9935	Cri	9.8	< 7.0.7-28.2	7.0.7-28.2	Jan 4, 2017	The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket
CVE-2016-9934	Hig	7.5	< 7.0.7-28.2	7.0.7-28.2	Jan 4, 2017	ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
CVE-2016-9933	Hig	7.5	< 7.0.7-28.2	7.0.7-28.2	Jan 4, 2017	Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefi
CVE-2016-9138	Cri	9.8	< 7.0.7-35.1	7.0.7-35.1	Jan 4, 2017	PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with D
CVE-2016-9137	Cri	9.8	< 7.0.7-25.1	7.0.7-25.1	Jan 4, 2017	Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wa
CVE-2016-5766	Hig	8.8	< 7.0.7-50.9.2	7.0.7-50.9.2	Aug 7, 2016	Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

CVE-2016-10168HigMar 15, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10167MedMar 15, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10166CriMar 15, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVE-2015-8994HigMar 2, 2017
affected < 7.0.7-38.1fixed 7.0.7-38.1
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vuln
CVE-2016-10162HigJan 24, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mis
CVE-2016-10161HigJan 24, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finis
CVE-2016-10160CriJan 24, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-10159HigJan 24, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
CVE-2016-10158HigJan 24, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable ne
CVE-2016-7479CriJan 12, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
CVE-2016-7480CriJan 11, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVE-2017-5340CriJan 11, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary de
CVE-2016-7478HigJan 11, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CVE-2016-9936CriJan 4, 2017
affected < 7.0.7-28.2fixed 7.0.7-28.2
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix
CVE-2016-9935CriJan 4, 2017
affected < 7.0.7-28.2fixed 7.0.7-28.2
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket
CVE-2016-9934HigJan 4, 2017
affected < 7.0.7-28.2fixed 7.0.7-28.2
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
CVE-2016-9933HigJan 4, 2017
affected < 7.0.7-28.2fixed 7.0.7-28.2
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefi
CVE-2016-9138CriJan 4, 2017
affected < 7.0.7-35.1fixed 7.0.7-35.1
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with D
CVE-2016-9137CriJan 4, 2017
affected < 7.0.7-25.1fixed 7.0.7-25.1
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wa
CVE-2016-5766HigAug 7, 2016
affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

Page 2 of 3