PHP

PHP is a popular general-purpose scripting language that is especially suited to web development.

Release cycle, vulnerability information

Product: PHP
Vendor: php

Release schedule

[Chart: release timeline for PHP 8.1, 8.2, 8.3 and 8.4; axis years 2021 to 2029]

Recent PHP vulnerabilities

Count: 3,867

Source: NVD

CVE-2016-9933

almost 9 years ago

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

CVSS3: 7.5
EPSS: Medium

Source: Debian

CVE-2016-9933

almost 9 years ago

Stack consumption vulnerability in the gdImageFillToBorder function in ...

CVSS3: 7.5
EPSS: Medium

Source: NVD

CVE-2016-9138

almost 9 years ago

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.

CVSS3: 9.8
EPSS: Low

Source: Debian

CVE-2016-9138

almost 9 years ago

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ...

CVSS3: 9.8
EPSS: Low

Source: NVD

CVE-2016-9137

almost 9 years ago

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.

CVSS3: 9.8
EPSS: Low

Source: Debian

CVE-2016-9137

almost 9 years ago

Use-after-free vulnerability in the CURLFile implementation in ext/cur ...

CVSS3: 9.8
EPSS: Low

Source: NVD

CVE-2016-8670

almost 9 years ago

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

CVSS3: 9.8
EPSS: Low

Source: Debian

CVE-2016-8670

almost 9 years ago

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...

CVSS3: 9.8
EPSS: Low

Source: NVD

CVE-2014-9912

almost 9 years ago

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

CVSS3: 9.8
EPSS: Low

Source: Debian

CVE-2014-9912

almost 9 years ago

The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...

CVSS3: 9.8
EPSS: Low


| Vulnerability | Source | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2016-9933 | NVD | CVSS3: 7.5 | 11% (Medium) | almost 9 years ago |
| CVE-2016-9933 | Debian | CVSS3: 7.5 | 11% (Medium) | almost 9 years ago |
| CVE-2016-9138 | NVD | CVSS3: 9.8 | 4% (Low) | almost 9 years ago |
| CVE-2016-9138 | Debian | CVSS3: 9.8 | 4% (Low) | almost 9 years ago |
| CVE-2016-9137 | NVD | CVSS3: 9.8 | 1% (Low) | almost 9 years ago |
| CVE-2016-9137 | Debian | CVSS3: 9.8 | 1% (Low) | almost 9 years ago |
| CVE-2016-8670 | NVD | CVSS3: 9.8 | 2% (Low) | almost 9 years ago |
| CVE-2016-8670 | Debian | CVSS3: 9.8 | 2% (Low) | almost 9 years ago |
| CVE-2014-9912 | NVD | CVSS3: 9.8 | 1% (Low) | almost 9 years ago |
| CVE-2014-9912 | Debian | CVSS3: 9.8 | 1% (Low) | almost 9 years ago |
