VYPR

rpm package

suse/php7&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Vulnerabilities (35)

  • CVE-2018-5711Jan 16, 2018
    affected < 7.0.7-50.26.1fixed 7.0.7-50.26.1

    gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatef

  • CVE-2017-16642HigNov 7, 2017
    affected < 7.0.7-50.23.1fixed 7.0.7-50.23.1

    In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date

  • CVE-2017-12934HigAug 18, 2017
    affected < 7.0.7-50.18.1fixed 7.0.7-50.18.1

    ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the in

  • CVE-2017-12933CriAug 18, 2017
    affected < 7.0.7-50.18.1fixed 7.0.7-50.18.1

    The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of P

  • CVE-2017-12932CriAug 18, 2017
    affected < 7.0.7-50.18.1fixed 7.0.7-50.18.1

    ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issu

  • CVE-2017-7890MedAug 2, 2017
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 byte

  • CVE-2017-11628HigJul 25, 2017
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that acc

  • CVE-2017-11147CriJul 10, 2017
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

  • CVE-2017-11145HigJul 10, 2017
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds read

  • CVE-2017-11144HigJul 10, 2017
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number

  • CVE-2017-11142HigJul 10, 2017
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.

  • CVE-2016-10397HigJul 10, 2017
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ input

  • CVE-2017-9229HigMay 24, 2017
    affected < 7.0.7-50.23.1fixed 7.0.7-50.23.1

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in

  • CVE-2017-9228CriMay 24, 2017
    affected < 7.0.7-50.23.1fixed 7.0.7-50.23.1

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state tra

  • CVE-2016-5766HigAug 7, 2016
    affected < 7.0.7-50.9.2fixed 7.0.7-50.9.2

    Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

Page 2 of 2