CVE search results

171 – 180 of 659 results

Detailed view

Sort by:

CVE-2016-9935

Medium priority

Fixed

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other...

2 affected packages

php7.0, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	—	—	—	—
php5	—	—	—	—

CVE-2016-9934

Medium priority

Fixed

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2016-9933

Low priority

Fixed

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial...

3 affected packages

libgd2, php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	—	—	—	—
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2016-9137

Low priority

Fixed

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via...

2 affected packages

php7.0, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	—	—	—	—
php5	—	—	—	—

CVE-2014-9912

Low priority

Fixed

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote...

2 affected packages

php7.0, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	—	—	—	—
php5	—	—	—	—

CVE-2016-6906

Low priority

Fixed

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

3 affected packages

php7.0, libgd2, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	—	—	—	—
libgd2	—	—	—	—
php5	—	—	—	—

CVE-2016-10168

Medium priority

Fixed

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

4 affected packages

libgd2, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	—	—	—	—
php5	—	—	—	—
php7.0	—	—	—	—
php7.1	—	—	—	—

CVE-2016-10167

Medium priority

Fixed

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

4 affected packages

libgd2, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	—	—	—	—
php5	—	—	—	—
php7.0	—	—	—	—
php7.1	—	—	—	—

CVE-2016-10166

Medium priority

Fixed

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

3 affected packages

libgd2, php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	—	—	—	—
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2016-8670

Medium priority

Fixed

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of...

3 affected packages

php5, libgd2, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
libgd2	—	—	—	—
php7.0	—	—	—	—

Export to JSON

Results by page:

Search CVE reports