PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2016-7413

больше 9 лет назад

Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.

CVSS3: 5.9

EPSS: Низкий

CVE-2016-6207

больше 9 лет назад

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

CVSS3: 6.5

EPSS: Низкий

CVE-2016-6207

больше 9 лет назад

Integer overflow in the _gdContributionsAlloc function in gd_interpola ...

CVSS3: 6.5

EPSS: Низкий

CVE-2016-6207

больше 9 лет назад

CVSS3: 6.5

EPSS: Низкий

CVE-2016-6128

больше 9 лет назад

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

CVSS3: 7.5

EPSS: Средний

CVE-2016-6128

больше 9 лет назад

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ...

CVSS3: 7.5

EPSS: Средний

CVE-2016-5773

больше 9 лет назад

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

CVSS3: 9.8

EPSS: Средний

CVE-2016-5773

больше 9 лет назад

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-5772

больше 9 лет назад

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

CVSS3: 9.8

EPSS: Средний

CVE-2016-5772

больше 9 лет назад

Double free vulnerability in the php_wddx_process_data function in wdd ...

CVSS3: 9.8

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-7413 Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.	CVSS3: 5.9	2% Низкий	больше 9 лет назад
CVE-2016-6207 Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.	CVSS3: 6.5	9% Низкий	больше 9 лет назад
CVE-2016-6207 Integer overflow in the _gdContributionsAlloc function in gd_interpola ...	CVSS3: 6.5	9% Низкий	больше 9 лет назад
CVE-2016-6207 Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.	CVSS3: 6.5	9% Низкий	больше 9 лет назад
CVE-2016-6128 The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.	CVSS3: 7.5	16% Средний	больше 9 лет назад
CVE-2016-6128 The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ...	CVSS3: 7.5	16% Средний	больше 9 лет назад
CVE-2016-5773 php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.	CVSS3: 9.8	22% Средний	больше 9 лет назад
CVE-2016-5773 php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ...	CVSS3: 9.8	22% Средний	больше 9 лет назад
CVE-2016-5772 Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.	CVSS3: 9.8	16% Средний	больше 9 лет назад
CVE-2016-5772 Double free vulnerability in the php_wddx_process_data function in wdd ...	CVSS3: 9.8	16% Средний	больше 9 лет назад

Уязвимостей на страницу