Search CVE reports
51 – 60 of 113 results
CVE-2020-7064
Medium priorityIn PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | Not in release | Not in release | Not in release |
php7.0 | — | — | Not in release | Not in release | Fixed |
php7.2 | — | — | Not in release | Fixed | Not in release |
php7.3 | — | — | Not in release | Not in release | Not in release |
php7.4 | — | — | Fixed | Not in release | Not in release |
CVE-2020-7063
Low priorityIn PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
php7.4 | — | — | — | Not in release | Not in release |
CVE-2020-7062
Low priorityIn PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
php7.4 | — | — | — | Not in release | Not in release |
CVE-2020-7061
Low priorityIn PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.2 | — | — | — | Not affected | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
php7.4 | — | — | — | Not in release | Not in release |
CVE-2017-6363
Low prioritySome fixes available 4 of 6
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2...
6 affected packages
libgd2, php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | Not affected | Not affected | Fixed | Fixed | Fixed |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
php7.2 | Not in release | Not in release | Not in release | Not affected | Not in release |
php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.4 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2018-14553
Low prioritySome fixes available 14 of 24
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
6 affected packages
doxygen, libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
doxygen | Vulnerable | Vulnerable | Vulnerable | Not affected | Not affected |
libgd2 | Fixed | Fixed | Fixed | Fixed | Fixed |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
php7.2 | Not in release | Not in release | Not in release | Not affected | Not in release |
php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-7060
Medium priorityWhen using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2020-7059
Medium priorityWhen using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-11050
Low priorityWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-11049
Medium priorityIn PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.2 | — | — | — | Not affected | Not in release |
php7.3 | — | — | — | Not in release | Not in release |