PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2014-2270

около 12 лет назад

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

CVSS2: 4.3

EPSS: Средний

CVE-2014-2497

около 12 лет назад

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

CVSS2: 2.6

EPSS: Средний

CVE-2014-1943

около 12 лет назад

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

CVSS2: 5

EPSS: Средний

CVE-2014-1943

около 12 лет назад

Fine Free file before 5.17 allows context-dependent attackers to cause ...

CVSS2: 5

EPSS: Средний

CVE-2014-1943

около 12 лет назад

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

CVSS2: 5

EPSS: Средний

CVE-2014-2020

около 12 лет назад

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.

CVSS2: 5

EPSS: Низкий

CVE-2014-2020

около 12 лет назад

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...

CVSS2: 5

EPSS: Низкий

CVE-2013-7328

около 12 лет назад

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.

CVSS2: 5.8

EPSS: Низкий

CVE-2013-7328

около 12 лет назад

Multiple integer signedness errors in the gdImageCrop function in ext/ ...

CVSS2: 5.8

EPSS: Низкий

CVE-2013-7327

около 12 лет назад

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

CVSS2: 6.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.	CVSS2: 4.3	27% Средний	около 12 лет назад
CVE-2014-2497 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.	CVSS2: 2.6	12% Средний	около 12 лет назад
CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.	CVSS2: 5	21% Средний	около 12 лет назад
CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause ...	CVSS2: 5	21% Средний	около 12 лет назад
CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.	CVSS2: 5	21% Средний	около 12 лет назад
CVE-2014-2020 ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.	CVSS2: 5	0% Низкий	около 12 лет назад
CVE-2014-2020 ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...	CVSS2: 5	0% Низкий	около 12 лет назад
CVE-2013-7328 Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.	CVSS2: 5.8	1% Низкий	около 12 лет назад
CVE-2013-7328 Multiple integer signedness errors in the gdImageCrop function in ext/ ...	CVSS2: 5.8	1% Низкий	около 12 лет назад
CVE-2013-7327 The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.	CVSS2: 6.8	1% Низкий	около 12 лет назад

Уязвимостей на страницу