Product:

Php

(Php)
Repositories https://github.com/php/php-src
https://github.com/file/file
https://github.com/kkos/oniguruma
https://github.com/libgd/libgd
https://github.com/mysql/mysql-server
#Vulnerabilities 683
Date Id Summary Products Score Patch Annotated
2015-03-30 CVE-2014-9709 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. Ubuntu_linux, Debian_linux, Libgd, Opensuse, Php N/A
2007-05-16 CVE-2007-2727 The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. Php N/A
2014-02-18 CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. Ubuntu_linux, Debian_linux, Fine_free_file, Php N/A
2014-03-24 CVE-2013-7345 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. File, Debian_linux, Php N/A
2014-06-01 CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. Debian_linux, Php N/A
2014-03-14 CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. Ubuntu_linux, Debian_linux, File, Opensuse, Php N/A
2014-07-09 CVE-2014-3479 The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. Debian_linux, File, Opensuse, Linux, Php N/A
2014-07-09 CVE-2014-3480 The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. Debian_linux, File, Opensuse, Linux, Php N/A
2014-07-09 CVE-2014-3487 The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. Debian_linux, File, Opensuse, Linux, Php N/A
2021-10-04 CVE-2021-21705 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. Clustered_data_ontap, Sd\-Wan_aware, Php 5.3