PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2016-5766

больше 9 лет назад

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

CVSS3: 8.8

EPSS: Средний

CVE-2016-5766

больше 9 лет назад

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...

CVSS3: 8.8

EPSS: Средний

CVE-2016-5116

больше 9 лет назад

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5116

больше 9 лет назад

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5114

больше 9 лет назад

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5114

больше 9 лет назад

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5096

больше 9 лет назад

Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5096

больше 9 лет назад

Integer overflow in the fread function in ext/standard/file.c in PHP b ...

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5095

больше 9 лет назад

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5095

больше 9 лет назад

Integer overflow in the php_escape_html_entities_ex function in ext/st ...

CVSS3: 8.6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-5766 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.	CVSS3: 8.8	16% Средний	больше 9 лет назад
CVE-2016-5766 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...	CVSS3: 8.8	16% Средний	больше 9 лет назад
CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.	CVSS3: 9.1	2% Низкий	больше 9 лет назад
CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...	CVSS3: 9.1	2% Низкий	больше 9 лет назад
CVE-2016-5114 sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.	CVSS3: 9.1	1% Низкий	больше 9 лет назад
CVE-2016-5114 sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...	CVSS3: 9.1	1% Низкий	больше 9 лет назад
CVE-2016-5096 Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.	CVSS3: 8.6	2% Низкий	больше 9 лет назад
CVE-2016-5096 Integer overflow in the fread function in ext/standard/file.c in PHP b ...	CVSS3: 8.6	2% Низкий	больше 9 лет назад
CVE-2016-5095 Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.	CVSS3: 8.6	1% Низкий	больше 9 лет назад
CVE-2016-5095 Integer overflow in the php_escape_html_entities_ex function in ext/st ...	CVSS3: 8.6	1% Низкий	больше 9 лет назад

Уязвимостей на страницу