PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2016-5768

больше 9 лет назад

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

CVSS3: 9.8

EPSS: Средний

CVE-2016-5768

больше 9 лет назад

Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-5767

больше 9 лет назад

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.

CVSS3: 8.8

EPSS: Низкий

CVE-2016-5767

больше 9 лет назад

Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...

CVSS3: 8.8

EPSS: Низкий

CVE-2016-5766

больше 9 лет назад

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

CVSS3: 8.8

EPSS: Средний

CVE-2016-5766

больше 9 лет назад

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...

CVSS3: 8.8

EPSS: Средний

CVE-2016-5116

больше 9 лет назад

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5116

больше 9 лет назад

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5114

больше 9 лет назад

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5114

больше 9 лет назад

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...

CVSS3: 9.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-5768 Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.	CVSS3: 9.8	21% Средний	больше 9 лет назад
CVE-2016-5768 Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...	CVSS3: 9.8	21% Средний	больше 9 лет назад
CVE-2016-5767 Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.	CVSS3: 8.8	4% Низкий	больше 9 лет назад
CVE-2016-5767 Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...	CVSS3: 8.8	4% Низкий	больше 9 лет назад
CVE-2016-5766 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.	CVSS3: 8.8	15% Средний	больше 9 лет назад
CVE-2016-5766 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...	CVSS3: 8.8	15% Средний	больше 9 лет назад
CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.	CVSS3: 9.1	3% Низкий	больше 9 лет назад
CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...	CVSS3: 9.1	3% Низкий	больше 9 лет назад
CVE-2016-5114 sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.	CVSS3: 9.1	1% Низкий	больше 9 лет назад
CVE-2016-5114 sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...	CVSS3: 9.1	1% Низкий	больше 9 лет назад

Уязвимостей на страницу