PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause ...
CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...
CVE-2013-7328
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.
CVE-2013-7328
Multiple integer signedness errors in the gdImageCrop function in ext/ ...
CVE-2013-7327
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.
CVE-2013-7327
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...
CVE-2013-7226
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | CVSS2: 5 | 21% Средний | больше 11 лет назад |
| CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause ... | CVSS2: 5 | 21% Средний | больше 11 лет назад |
 | CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | CVSS2: 5 | 21% Средний | больше 11 лет назад |
| CVE-2014-2020 ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | CVSS2: 5 | 0% Низкий | больше 11 лет назад |
| CVE-2014-2020 ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ... | CVSS2: 5 | 0% Низкий | больше 11 лет назад |
| CVE-2013-7328 Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226. | CVSS2: 5.8 | 1% Низкий | больше 11 лет назад |
| CVE-2013-7328 Multiple integer signedness errors in the gdImageCrop function in ext/ ... | CVSS2: 5.8 | 1% Низкий | больше 11 лет назад |
| CVE-2013-7327 The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. | CVSS2: 6.8 | 1% Низкий | больше 11 лет назад |
| CVE-2013-7327 The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ... | CVSS2: 6.8 | 1% Низкий | больше 11 лет назад |
| CVE-2013-7226 Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow. | CVSS2: 6.8 | 10% Средний | больше 11 лет назад |
Уязвимостей на страницу