Information on source package php5

Available versions

Release | Version
jessie | 5.6.40+dfsg-0+deb8u18

Open issues

Bug | jessie | Description
TEMP-0800564-79703B | vulnerable (no DSA, ignored) | trivial hash complexity DoS attack
CVE-2023-3247 | vulnerable (no DSA, ignored) | In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before ...
CVE-2017-7272 | vulnerable (no DSA, ignored) | PHP through 7.1.11 enables potential SSRF in applications that accept ...
CVE-2017-7189 | vulnerable (no DSA, ignored) | main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsocko ...

Open unimportant issues

Bug | jessie | Description
CVE-2019-11038 | vulnerable | When using the gdImageCreateFromXbm() function in the GD Graphics Libr ...
CVE-2017-11362 | vulnerable | In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/ms ...
CVE-2017-9119 | vulnerable | The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 all ...
CVE-2017-9118 | vulnerable | PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a c ...
CVE-2017-7890 | vulnerable | The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in th ...
CVE-2017-5630 | vulnerable | PECL in the download utility class in the Installer in PEAR Base Syste ...
CVE-2016-5116 | vulnerable | gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...
CVE-2015-9253 | vulnerable | An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before ...
CVE-2014-9425 | vulnerable | Double free vulnerability in the zend_ts_hash_graceful_destroy functio ...
CVE-2014-5459 | vulnerable | The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows lo ...
CVE-2013-6501 | vulnerable | The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...
CVE-2013-3735 | vulnerable | The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does n ...
CVE-2012-3365 | vulnerable | The SQLite functionality in PHP before 5.3.15 allows remote attackers ...
CVE-2012-1171 | vulnerable | The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to by ...
CVE-2010-3064 | vulnerable | Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...
CVE-2010-3063 | vulnerable | The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...
CVE-2010-3062 | vulnerable | mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3 ...
CVE-2010-2190 | vulnerable | The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions i ...
CVE-2010-2101 | vulnerable | The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_w ...
CVE-2010-2100 | vulnerable | The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_b ...
CVE-2010-2097 | vulnerable | The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...
CVE-2010-1915 | vulnerable | The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3. ...
CVE-2010-1914 | vulnerable | The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...
CVE-2010-1868 | vulnerable | The (1) sqlite_single_query and (2) sqlite_array_query functions in ex ...
CVE-2010-1862 | vulnerable | The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...
CVE-2010-1861 | vulnerable | The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...
CVE-2009-4418 | vulnerable | The unserialize function in PHP 5.3.0 and earlier allows context-depen ...
CVE-2009-3559 | vulnerable | main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recogn ...
CVE-2008-7002 | vulnerable | PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...
CVE-2008-5625 | vulnerable | PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictio ...
CVE-2008-4107 | vulnerable | The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cry ...
CVE-2008-2666 | vulnerable | Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...
CVE-2007-5424 | vulnerable | The disable_functions feature in PHP 4 and 5 allows attackers to bypas ...
CVE-2007-4889 | vulnerable | The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ...
CVE-2007-4596 | vulnerable | The perl extension in PHP does not follow safe_mode restrictions, whic ...
CVE-2007-4255 | vulnerable | Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-depe ...
CVE-2007-3294 | vulnerable | Multiple buffer overflows in libtidy, as used in the Tidy extension fo ...
CVE-2007-3205 | vulnerable | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, ...
CVE-2007-1890 | vulnerable | Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...
CVE-2007-1883 | vulnerable | PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-depende ...
CVE-2007-1835 | vulnerable | PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...
CVE-2007-1710 | vulnerable | The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-de ...
CVE-2007-1582 | vulnerable | The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1581 | vulnerable | The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...
CVE-2007-1413 | vulnerable | Buffer overflow in the snmpget function in the snmp extension in PHP 5 ...
CVE-2007-0448 | vulnerable | The fopen function in PHP 5.2.0 does not properly handle invalid URI h ...
CVE-2006-7205 | vulnerable | The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...
CVE-2006-6383 | vulnerable | PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_base ...
CVE-2006-4023 | vulnerable | The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...
CVE-2006-0931 | vulnerable | Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...

Resolved issues

Bug | Description
TEMP-0540606-8877D9 | php5: 'open_basedir' bypass
TEMP-0000000-FE3BD0 | Session WDDX Packet Deserialization Type Confusion Vulnerability
TEMP-0000000-F647EF | Missing safemode checks in PHP's _php_image_output functions
TEMP-0000000-F26C42 | Type confusion vulnerability in WDDX packet deserialization
TEMP-0000000-F1CA5F | Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
TEMP-0000000-EA5272 | NULL Pointer Dereference in phar_tar_setupmetadata()
TEMP-0000000-D591DC | Integer overflow in iptcembed()
TEMP-0000000-B391CA | exec functions ignore length but look for NULL termination
TEMP-0000000-A9D025 | Crash on bad SOAP request
TEMP-0000000-5909B0 | Use-after-free in WDDX Packet Deserialization
CVE-2023-3824 | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...
CVE-2023-3823 | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...
CVE-2023-0662 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...
CVE-2023-0568 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...
CVE-2023-0567 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...
CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...
CVE-2022-31631
CVE-2022-31630 | In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imagelo ...
CVE-2022-31629 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...
CVE-2022-31628 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...
CVE-2022-31627 | In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...
CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...
CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...
CVE-2022-4900 | A vulnerability was found in PHP where setting the environment variabl ...
CVE-2021-21708 | In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x belo ...
CVE-2021-21707 | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...
CVE-2021-21706 | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ...
CVE-2021-21705 | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...
CVE-2021-21704 | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...
CVE-2021-21703 | In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...
CVE-2021-21702 | In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...
CVE-2020-7071 | In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...
CVE-2020-7070 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...
CVE-2020-7069 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...
CVE-2020-7068 | In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ...
CVE-2020-7067 | In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...
CVE-2020-7066 | In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...
CVE-2020-7065 | In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...
CVE-2020-7064 | In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...
CVE-2020-7063 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...
CVE-2020-7062 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...
CVE-2020-7061 | In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...
CVE-2020-7060 | When using certain mbstring functions to convert multibyte encodings, ...
CVE-2020-7059 | When using fgetss() function to read data with stripping tags, in PHP ...
CVE-2019-13224 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...
CVE-2019-11050 | When PHP EXIF extension is parsing EXIF information from an image, e.g ...
CVE-2019-11049 | In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...
CVE-2019-11048 | In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...
CVE-2019-11047 | When PHP EXIF extension is parsing EXIF information from an image, e.g ...
CVE-2019-11046 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...
CVE-2019-11045 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...
CVE-2019-11044 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ...
CVE-2019-11043 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...
CVE-2019-11042 | When PHP EXIF extension is parsing EXIF information from an image, e.g ...
CVE-2019-11041 | When PHP EXIF extension is parsing EXIF information from an image, e.g ...
CVE-2019-11040 | When PHP EXIF extension is parsing EXIF information from an image, e.g ...
CVE-2019-11039 | Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.3 ...
CVE-2019-11036 | When processing certain files, PHP EXIF extension in versions 7.1.x be ...
CVE-2019-11035 | When processing certain files, PHP EXIF extension in versions 7.1.x be ...
CVE-2019-11034 | When processing certain files, PHP EXIF extension in versions 7.1.x be ...
CVE-2019-9675 | An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3. ...
CVE-2019-9641 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...
CVE-2019-9640 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...
CVE-2019-9639 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...
CVE-2019-9638 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...
CVE-2019-9637 | An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and ...
CVE-2019-9024 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...
CVE-2019-9023 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...
CVE-2019-9022 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ...
CVE-2019-9021 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...
CVE-2019-9020 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...
CVE-2019-6977 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...
CVE-2018-1000888 | PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 ...
CVE-2018-20783 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2. ...
CVE-2018-19935 | ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote atta ...
CVE-2018-19518 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...
CVE-2018-19396 | ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attac ...
CVE-2018-19395 | ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attacke ...
CVE-2018-17082 | The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x ...
CVE-2018-15132 | An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...
CVE-2018-14884 | An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...
CVE-2018-14883 | An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1 ...
CVE-2018-14851 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...
CVE-2018-12882 | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allo ...
CVE-2018-10549 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...
CVE-2018-10548 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...
CVE-2018-10547 | An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36 ...
CVE-2018-10546 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...
CVE-2018-10545 | An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1 ...
CVE-2018-7584 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...
CVE-2018-5712 | An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1 ...
CVE-2018-5711 | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP bef ...
CVE-2017-16642 | In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an e ...
CVE-2017-14107 | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...
CVE-2017-12933 | The finish_nested_data function in ext/standard/var_unserializer.re in ...
CVE-2017-11628 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a sta ...
CVE-2017-11147 | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler c ...
CVE-2017-11145 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an er ...
CVE-2017-11144 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ...
CVE-2017-11143 | In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ...
CVE-2017-11142 | In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ...
CVE-2017-9120 | PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ser ...
CVE-2016-10712 | In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all o ...
CVE-2016-10397 | In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of vari ...
CVE-2016-10168 | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ...
CVE-2016-10167 | The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ...
CVE-2016-10161 | The object_common1 function in ext/standard/var_unserializer.c in PHP ...
CVE-2016-10160 | Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...
CVE-2016-10159 | Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ...
CVE-2016-10158 | The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...
CVE-2016-9935 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...
CVE-2016-9934 | ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ...
CVE-2016-9933 | Stack consumption vulnerability in the gdImageFillToBorder function in ...
CVE-2016-9138 | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ...
CVE-2016-9137 | Use-after-free vulnerability in the CURLFile implementation in ext/cur ...
CVE-2016-7568 | Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...
CVE-2016-7479 | In all versions of PHP 7, during the unserialization process, resizing ...
CVE-2016-7478 | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ...
CVE-2016-7418 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...
CVE-2016-7417 | ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceed ...
CVE-2016-7416 | ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x bef ...
CVE-2016-7414 | The ZIP signature-verification feature in PHP before 5.6.26 and 7.x be ...
CVE-2016-7413 | Use-after-free vulnerability in the wddx_stack_destroy function in ext ...
CVE-2016-7412 | ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...
CVE-2016-7411 | ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles objec ...
CVE-2016-7134 | ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a l ...
CVE-2016-7133 | Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabl ...
CVE-2016-7132 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...
CVE-2016-7131 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...
CVE-2016-7130 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6 ...
CVE-2016-7129 | The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ...
CVE-2016-7128 | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...
CVE-2016-7127 | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...
CVE-2016-7126 | The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ...
CVE-2016-7125 | ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...
CVE-2016-7124 | ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7. ...
CVE-2016-6297 | Integer overflow in the php_stream_zip_opener function in ext/zip/zip_ ...
CVE-2016-6296 | Integer signedness error in the simplestring_addn function in simplest ...
CVE-2016-6295 | ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef ...
CVE-2016-6294 | The locale_accept_from_http function in ext/intl/locale/locale_methods ...
CVE-2016-6292 | The exif_process_user_comment function in ext/exif/exif.c in PHP befor ...
CVE-2016-6291 | The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...
CVE-2016-6290 | ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ...
CVE-2016-6289 | Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ...
CVE-2016-6288 | The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5. ...
CVE-2016-6207 | Integer overflow in the _gdContributionsAlloc function in gd_interpola ...
CVE-2016-6128 | The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ...
CVE-2016-5773 | php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ...
CVE-2016-5772 | Double free vulnerability in the php_wddx_process_data function in wdd ...
CVE-2016-5771 | spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...
CVE-2016-5770 | Integer overflow in the SplFileObject::fread function in spl_directory ...
CVE-2016-5769 | Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...
CVE-2016-5768 | Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...
CVE-2016-5767 | Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...
CVE-2016-5766 | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...
CVE-2016-5399 | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ...
CVE-2016-5385 | PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...
CVE-2016-5114 | sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...
CVE-2016-5096 | Integer overflow in the fread function in ext/standard/file.c in PHP b ...
CVE-2016-5095 | Integer overflow in the php_escape_html_entities_ex function in ext/st ...
CVE-2016-5094 | Integer overflow in the php_html_entities function in ext/standard/htm ...
CVE-2016-5093 | The get_icu_value_internal function in ext/intl/locale/locale_methods. ...
CVE-2016-4544 | The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ...
CVE-2016-4543 | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...
CVE-2016-4542 | The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ...
CVE-2016-4541 | The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...
CVE-2016-4540 | The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c i ...
CVE-2016-4539 | The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5. ...
CVE-2016-4538 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...
CVE-2016-4537 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...
CVE-2016-4473 | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers ...
CVE-2016-4346 | Integer overflow in the str_pad function in ext/standard/string.c in P ...
CVE-2016-4345 | Integer overflow in the php_filter_encode_url function in ext/filter/s ...
CVE-2016-4344 | Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in P ...
CVE-2016-4343 | The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ...
CVE-2016-4342 | ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and ...
CVE-2016-4073 | Multiple integer overflows in the mbfl_strcut function in ext/mbstring ...
CVE-2016-4072 | The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ...
CVE-2016-4071 | Format string vulnerability in the php_snmp_error function in ext/snmp ...
CVE-2016-4070 | Integer overflow in the php_raw_url_encode function in ext/standard/ur ...
CVE-2016-3185 | The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...
CVE-2016-3142 | The phar_parse_zipfile function in zip.c in the PHAR extension in PHP ...
CVE-2016-3141 | Use-after-free vulnerability in wddx.c in the WDDX extension in PHP be ...
CVE-2016-3074 | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or li ...
CVE-2016-2554 | Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5. ...
CVE-2016-1904 | Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7. ...
CVE-2016-1903 | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolatio ...
CVE-2015-8994 | An issue was discovered in PHP 5.x and 7.x, when the configuration use ...
CVE-2015-8935 | The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...
CVE-2015-8879 | The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...
CVE-2015-8878 | main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5 ...
CVE-2015-8877 | The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ...
CVE-2015-8876 | Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...
CVE-2015-8874 | Stack consumption vulnerability in GD in PHP before 5.6.12 allows remo ...
CVE-2015-8873 | Stack consumption vulnerability in Zend/zend_exceptions.c in PHP befor ...
CVE-2015-8867 | The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...
CVE-2015-8866 | ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...
CVE-2015-8865 | The file_check_mem function in funcs.c in file before 5.23, as used in ...
CVE-2015-8838 | ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5 ...
CVE-2015-8835 | The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...
CVE-2015-7804 | Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c ...
CVE-2015-7803 | The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5. ...
CVE-2015-6838 | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...
CVE-2015-6837 | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...
CVE-2015-6836 | The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, ...
CVE-2015-6835 | The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ...
CVE-2015-6834 | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ...
CVE-2015-6833 | Directory traversal vulnerability in the PharData class in PHP before ...
CVE-2015-6832 | Use-after-free vulnerability in the SPL unserialize implementation in ...
CVE-2015-6831 | Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ...
CVE-2015-6527 | The php_str_replace_in_subject function in ext/standard/string.c in PH ...
CVE-2015-5590 | Stack-based buffer overflow in the phar_fix_filepath function in ext/p ...
CVE-2015-5589 | The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ...
CVE-2015-4644 | The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ...
CVE-2015-4643 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...
CVE-2015-4642 | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ...
CVE-2015-4605 | The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2015-4604 | The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...
CVE-2015-4603 | The exception::getTraceAsString function in Zend/zend_exceptions.c in ...
CVE-2015-4602 | The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...
CVE-2015-4601 | PHP before 5.6.7 might allow remote attackers to cause a denial of ser ...
CVE-2015-4600 | The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.2 ...
CVE-2015-4599 | The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4. ...
CVE-2015-4598 | PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does n ...
CVE-2015-4148 | The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5 ...
CVE-2015-4147 | The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...
CVE-2015-4116 | Use-after-free vulnerability in the spl_ptr_heap_insert function in ex ...
CVE-2015-4026 | The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.2 ...
CVE-2015-4025 | PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncat ...
CVE-2015-4024 | Algorithmic complexity vulnerability in the multipart_buffer_headers f ...
CVE-2015-4022 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...
CVE-2015-4021 | The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41 ...
CVE-2015-3412 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ...
CVE-2015-3411 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ...
CVE-2015-3330 | The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP ...
CVE-2015-3329 | Multiple stack-based buffer overflows in the phar_set_inode function i ...
CVE-2015-3307 | The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4. ...
CVE-2015-3211 | php-fpm allows local users to write to or create arbitrary files via a ...
CVE-2015-2787 | Use-after-free vulnerability in the process_nested_data function in ex ...
CVE-2015-2783 | ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x b ...
CVE-2015-2348 | The move_uploaded_file implementation in ext/standard/basic_functions. ...
CVE-2015-2331 | Integer overflow in the _zip_cdir_new function in zip_dirent.c in libz ...
CVE-2015-2305 | Integer overflow in the regcomp implementation in the Henry Spencer BS ...
CVE-2015-2301 | Use-after-free vulnerability in the phar_rename_archive function in ph ...
CVE-2015-1352 | The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...
CVE-2015-1351 | Use-after-free vulnerability in the _zend_shared_memdup function in ze ...
CVE-2015-0273 | Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP ...
CVE-2015-0232 | The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4 ...
CVE-2015-0231 | Use-after-free vulnerability in the process_nested_data function in ex ...
CVE-2014-9912 | The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...
CVE-2014-9767 | Directory traversal vulnerability in the ZipArchive::extractTo functio ...
CVE-2014-9709 | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...
CVE-2014-9705 | Heap-based buffer overflow in the enchant_broker_request_dict function ...
CVE-2014-9653 | readelf.c in file before 5.22, as used in the Fileinfo component in PH ...
CVE-2014-9652 | The mconvert function in softmagic.c in file before 5.21, as used in t ...
CVE-2014-9621 | The ELF parser in file 5.16 through 5.21 allows remote attackers to ca ...
CVE-2014-9620 | The ELF parser in file 5.08 through 5.21 allows remote attackers to ca ...
CVE-2014-9427 | sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...
CVE-2014-8626 | Stack-based buffer overflow in the date_from_ISO8601 function in ext/x ...
CVE-2014-8142 | Use-after-free vulnerability in the process_nested_data function in ex ...
CVE-2014-8117 | softmagic.c in file before 5.21 does not properly limit recursion, whi ...
CVE-2014-8116 | The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...
CVE-2014-5120 | gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x befo ...
CVE-2014-4721 | The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...
CVE-2014-4698 | Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ...
CVE-2014-4670 | Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ...
CVE-2014-4049 | Heap-based buffer overflow in the php_parserr function in ext/standard ...
CVE-2014-3981 | acinclude.m4, as used in the configure script in PHP 5.5.13 and earlie ...
CVE-2014-3710 | The donote function in readelf.c in file through 5.20, as used in the ...
CVE-2014-3670 | The exif_ifd_make_value function in exif.c in the EXIF extension in PH ...
CVE-2014-3669 | Integer overflow in the object_custom function in ext/standard/var_uns ...
CVE-2014-3668 | Buffer overflow in the date_from_ISO8601 function in the mkgmtime impl ...
CVE-2014-3622 | Use-after-free vulnerability in the add_post_var function in the Posth ...
CVE-2014-3597 | Multiple buffer overflows in the php_parserr function in ext/standard/ ...
CVE-2014-3587 | Integer overflow in the cdf_read_property_info function in cdf.c in fi ...
CVE-2014-3538 | file before 5.19 does not properly restrict the amount of data read du ...
CVE-2014-3515 | The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ...
CVE-2014-3487 | The cdf_read_property_info function in file before 5.19, as used in th ...
CVE-2014-3480 | The cdf_count_chain function in cdf.c in file before 5.19, as used in ...
CVE-2014-3479 | The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...
CVE-2014-3478 | Buffer overflow in the mconvert function in softmagic.c in file before ...
CVE-2014-2497 | The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...
CVE-2014-2270 | softmagic.c in file before 5.17 and libmagic allows context-dependent ...
CVE-2014-2020 | ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...
CVE-2014-1943 | Fine Free file before 5.17 allows context-dependent attackers to cause ...
CVE-2014-0238 | The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-0237 | The cdf_unpack_summary_info function in cdf.c in the Fileinfo componen ...
CVE-2014-0236 | file before 5.18, as used in the Fileinfo component in PHP before 5.6. ...
CVE-2014-0207 | The cdf_read_short_sector function in cdf.c in file before 5.19, as us ...
CVE-2014-0185 | sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP be ...
CVE-2013-7456 | gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ...
CVE-2013-7345 | The BEGIN regular expression in the awk script detector in magic/Magdi ...
CVE-2013-7328 | Multiple integer signedness errors in the gdImageCrop function in ext/ ...
CVE-2013-7327 | The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...
CVE-2013-7226 | Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5 ...
CVE-2013-6712 | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...
CVE-2013-6420 | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...
CVE-2013-4636 | The mget function in libmagic/softmagic.c in the Fileinfo component in ...
CVE-2013-4635 | Integer overflow in the SdnToJewish function in jewish.c in the Calend ...
CVE-2013-4248 | The openssl_x509_parse function in openssl.c in the OpenSSL module in ...
CVE-2013-4113 | ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-2110 | Heap-based buffer overflow in the php_quot_print_encode function in ex ...
CVE-2013-1824 | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows re ...
CVE-2013-1643 | The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows re ...
CVE-2013-1635 | ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...
CVE-2012-6113 | The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ...
CVE-2012-5381 | Untrusted search path vulnerability in the installation functionality ...
CVE-2012-4388 | The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4 ...
CVE-2012-3450 | pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...
CVE-2012-2688 | Unspecified vulnerability in the _php_stream_scandir function in the s ...
CVE-2012-2386 | Integer overflow in the phar_parse_tarfile function in tar.c in the ph ...
CVE-2012-2376 | Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ea ...
CVE-2012-2336 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-2329 | Buffer overflow in the apache_request_headers function in sapi/cgi/cgi ...
CVE-2012-2317 | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in th ...
CVE-2012-2311 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-2143 | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-REL ...
CVE-2012-1823 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...
CVE-2012-1172 | The file-upload implementation in rfc1867.c in PHP before 5.4.0 does n ...
CVE-2012-0831 | PHP before 5.3.10 does not properly perform a temporary change to the ...
CVE-2012-0830 | The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...
CVE-2012-0789 | Memory leak in the timezone functionality in PHP before 5.3.9 allows r ...
CVE-2012-0788 | The PDORow implementation in PHP before 5.3.9 does not properly intera ...
CVE-2012-0781 | The tidy_diagnose function in PHP 5.3.8 might allow remote attackers t ...
CVE-2012-0057 | PHP before 5.3.9 has improper libxslt security settings, which allows ...
CVE-2011-4885 | PHP before 5.3.9 computes hash values for form parameters without rest ...
CVE-2011-4718 | Session fixation vulnerability in the Sessions subsystem in PHP before ...
CVE-2011-4566Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...
CVE-2011-4153PHP 5.3.8 does not always check the return value of the zend_strndup f ...
CVE-2011-3379The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __auto ...
CVE-2011-3268Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ...
CVE-2011-3267PHP before 5.3.7 does not properly implement the error_log function, w ...
CVE-2011-3189The crypt function in PHP 5.3.7, when the MD5 hash type is used, retur ...
CVE-2011-3182PHP before 5.3.7 does not properly check the return values of the mall ...
CVE-2011-2483crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain plat ...
CVE-2011-2202The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ...
CVE-2011-1938Stack-based buffer overflow in the socket_connect function in ext/sock ...
CVE-2011-1657The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions i ...
CVE-2011-1471Integer signedness error in zip_stream.c in the Zip extension in PHP b ...
CVE-2011-1470The Zip extension in PHP before 5.3.6 allows context-dependent attacke ...
CVE-2011-1469Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...
CVE-2011-1468Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 mig ...
CVE-2011-1467Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfm ...
CVE-2011-1466Integer overflow in the SdnToJulian function in the Calendar extension ...
CVE-2011-1464Buffer overflow in the strval function in PHP before 5.3.6, when the p ...
CVE-2011-1398The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5. ...
CVE-2011-1153Multiple format string vulnerabilities in phar_object.c in the phar ex ...
CVE-2011-1148Use-after-free vulnerability in the substr_replace function in PHP 5.3 ...
CVE-2011-1144The installer in PEAR 1.9.2 and earlier allows local users to overwrit ...
CVE-2011-1092Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows conte ...
CVE-2011-1072The installer in PEAR before 1.9.2 allows local users to overwrite arb ...
CVE-2011-0755Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...
CVE-2011-0754The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...
CVE-2011-0753Race condition in the PCNTL extension in PHP before 5.3.4, when a user ...
CVE-2011-0752The extract function in PHP before 5.2.15 does not prevent use of the ...
CVE-2011-0708exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms p ...
CVE-2011-0441The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows lo ...
CVE-2011-0421The _zip_name_locate function in zip_name_locate.c in the Zip extensio ...
CVE-2011-0420The grapheme_extract function in the Internationalization extension (I ...
CVE-2010-4700The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...
CVE-2010-4699The iconv_mime_decode_headers function in the Iconv extension in PHP b ...
CVE-2010-4698Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ...
CVE-2010-4697Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ...
CVE-2010-4657PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...
CVE-2010-4645strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...
CVE-2010-4409Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_sym ...
CVE-2010-4156The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...
CVE-2010-4150Double free vulnerability in the imap_do_open function in the IMAP ext ...
CVE-2010-3870The utf8_decode function in PHP before 5.3.4 does not properly handle ...
CVE-2010-3710Stack consumption vulnerability in the filter_var function in PHP 5.2. ...
CVE-2010-3709The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...
CVE-2010-3436fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attacke ...
CVE-2010-3065The default session serializer in PHP 5.2 through 5.2.13 and 5.3 throu ...
CVE-2010-2950Format string vulnerability in stream.c in the phar extension in PHP 5 ...
CVE-2010-2531The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...
CVE-2010-2484The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...
CVE-2010-2225Use-after-free vulnerability in the SplObjectStorage unserializer in P ...
CVE-2010-2191The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...
CVE-2010-2094Multiple format string vulnerabilities in the phar extension in PHP 5. ...
CVE-2010-2093Use-after-free vulnerability in the request shutdown functionality in ...
CVE-2010-1917Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 thro ...
CVE-2010-1866The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chu ...
CVE-2010-1864The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...
CVE-2010-1860The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 thro ...
CVE-2010-1130session.c in the session extension in PHP before 5.2.13, and 5.3.1, do ...
CVE-2010-1129The safe_mode implementation in PHP before 5.2.13 does not properly ha ...
CVE-2010-1128The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...
CVE-2010-0397The xmlrpc extension in PHP 5.3.1 does not properly handle a missing m ...
CVE-2009-5016Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in P ...
CVE-2009-4143PHP before 5.2.12 does not properly handle session data, which has uns ...
CVE-2009-4142The htmlspecialchars function in PHP before 5.2.12 does not properly h ...
CVE-2009-4018The proc_open function in ext/standard/proc_open.c in PHP before 5.2.1 ...
CVE-2009-4017PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...
CVE-2009-3558The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 an ...
CVE-2009-3557The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5 ...
CVE-2009-3546The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...
CVE-2009-3294The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5 ...
CVE-2009-3293Unspecified vulnerability in the imagecolortransparent function in PHP ...
CVE-2009-3292Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1 ...
CVE-2009-3291The php_openssl_apply_verification_policy function in PHP before 5.2.1 ...
CVE-2009-2687The exif_read_data function in the Exif module in PHP before 5.2.10 al ...
CVE-2009-2626The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2 ...
CVE-2009-1272The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x befo ...
CVE-2009-1271The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...
CVE-2009-0754PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows l ...
CVE-2008-7068The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...
CVE-2008-5844PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functi ...
CVE-2008-5814Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ea ...
CVE-2008-5658Directory traversal vulnerability in the ZipArchive::extractTo functio ...
CVE-2008-5624PHP 5 before 5.2.7 does not properly initialize the page_uid and page_ ...
CVE-2008-5557Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_ht ...
CVE-2008-5498Array index error in the imageRotate function in PHP 5.2.8 and earlier ...
CVE-2008-3660PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...
CVE-2008-3659Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...
CVE-2008-3658Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4. ...
CVE-2008-2829php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...
CVE-2008-2665Directory traversal vulnerability in the posix_access function in PHP ...
CVE-2008-2108The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2107The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2051The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...
CVE-2008-2050Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP bef ...
CVE-2008-1384Integer overflow in PHP 5.2.5 and earlier allows context-dependent att ...
CVE-2008-0674Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...
CVE-2008-0599The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ...
CVE-2007-6039PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ...
CVE-2007-5899The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...
CVE-2007-5898The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...
CVE-2007-5653The Component Object Model (COM) functions in PHP 5.x on Windows do no ...
CVE-2007-4887The dl function in PHP 5.2.4 and earlier allows context-dependent atta ...
CVE-2007-4850curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ...
CVE-2007-4825Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ...
CVE-2007-4784The setlocale function in PHP before 5.2.4 allows context-dependent at ...
CVE-2007-4783The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ...
CVE-2007-4782PHP before 5.2.3 allows context-dependent attackers to cause a denial ...
CVE-2007-4670Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ...
CVE-2007-4663Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...
CVE-2007-4662Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...
CVE-2007-4661The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...
CVE-2007-4660Unspecified vulnerability in the chunk_split function in PHP before 5. ...
CVE-2007-4659The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...
CVE-2007-4658The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...
CVE-2007-4657Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...
CVE-2007-4652The session extension in PHP before 5.2.4 might allow local users to b ...
CVE-2007-4441Buffer overflow in php_win32std.dll in the win32std extension for PHP ...
CVE-2007-4010The win32std extension in PHP 5.2.3 does not follow safe_mode and disa ...
CVE-2007-3998The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, d ...
CVE-2007-3997The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...
CVE-2007-3806The glob function in PHP 5.2.3 allows context-dependent attackers to c ...
CVE-2007-3799The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...
CVE-2007-3790The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ...
CVE-2007-3378The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...
CVE-2007-3007PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode rest ...
CVE-2007-2872Multiple integer overflows in the chunk_split function in PHP 5 before ...
CVE-2007-2844PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...
CVE-2007-2748The substr_count function in PHP 5.2.1 and earlier allows context-depe ...
CVE-2007-2728The soap extension in PHP calls php_rand_r with an uninitialized seed ...
CVE-2007-2727The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4 ...
CVE-2007-2519Directory traversal vulnerability in the installer in PEAR 1.0 through ...
CVE-2007-2511Buffer overflow in the user_filter_factory_create function in PHP befo ...
CVE-2007-2510Buffer overflow in the make_http_soap_request function in PHP before 5 ...
CVE-2007-2509CRLF injection vulnerability in the ftp_putcmd function in PHP before ...
CVE-2007-1900CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ex ...
CVE-2007-1889Integer signedness error in the _zend_mm_alloc_int function in the Zen ...
CVE-2007-1887Buffer overflow in the sqlite_decode_binary function in the bundled sq ...
CVE-2007-1864Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...
CVE-2007-1824Buffer overflow in the php_stream_filter_create function in PHP 5 befo ...
CVE-2007-1777Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...
CVE-2007-1718CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...
CVE-2007-1717The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 t ...
CVE-2007-1711Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 a ...
CVE-2007-1701PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is e ...
CVE-2007-1700The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, c ...
CVE-2007-1649PHP 5.2.1 allows context-dependent attackers to read portions of heap ...
CVE-2007-1583The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...
CVE-2007-1522Double free vulnerability in the session extension in PHP 5.2.0 and 5. ...
CVE-2007-1521Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ...
CVE-2007-1484The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...
CVE-2007-1461The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...
CVE-2007-1460The zip:// URL wrapper provided by the PECL zip extension in PHP befor ...
CVE-2007-1454ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...
CVE-2007-1453Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...
CVE-2007-1452The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...
CVE-2007-1412The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 al ...
CVE-2007-1411Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versio ...
CVE-2007-1399Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8. ...
CVE-2007-1396The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...
CVE-2007-1381The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10 ...
CVE-2007-1380The php_binary serialization handler in the session extension in PHP b ...
CVE-2007-1376The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x s ...
CVE-2007-1375Integer overflow in the substr_compare function in PHP 5.2.1 and earli ...
CVE-2007-1286Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ...
CVE-2007-1285The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...
CVE-2007-0988The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4 ...
CVE-2007-0911Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...
CVE-2007-0910Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ...
CVE-2007-0909Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...
CVE-2007-0908The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...
CVE-2007-0907Buffer underflow in PHP before 5.2.1 allows attackers to cause a denia ...
CVE-2007-0906Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...
CVE-2007-0905PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...
CVE-2006-7243PHP before 5.3.4 accepts the \0 character in a pathname, which might a ...
CVE-2006-5706Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...
CVE-2006-5465Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...
CVE-2006-5178Race condition in the symlink function in PHP 5.1.6 and earlier allows ...
CVE-2006-4812Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...
CVE-2006-4625PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...
CVE-2006-4486Integer overflow in memory allocation routines in PHP before 5.1.6, wh ...
CVE-2006-4485The stripos function in PHP before 5.1.5 has unknown impact and attack ...
CVE-2006-4483The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/str ...
CVE-2006-4482Multiple heap-based buffer overflows in the (1) str_repeat and (2) wor ...
CVE-2006-4481The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...
CVE-2006-4433PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...
CVE-2006-4020scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows contex ...
CVE-2006-3018Unspecified vulnerability in the session extension functionality in PH ...
CVE-2006-3017zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...
CVE-2006-3016Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...
CVE-2006-3011The error_log function in basic_functions.c in PHP before 4.4.4 and 5. ...
CVE-2006-2660Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...
CVE-2006-2563The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...
CVE-2006-1991The substr_compare function in string.c in PHP 5.1.2 allows context-de ...
CVE-2006-1990Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...
CVE-2006-1608The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...
CVE-2006-1549PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...
CVE-2006-1494Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 all ...
CVE-2006-1490PHP before 5.1.3-RC1 might allow remote attackers to obtain portions o ...
CVE-2006-1015Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x appl ...
CVE-2006-1014Argument injection vulnerability in certain PHP 4.x and 5.x applicatio ...
CVE-2006-0996Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5. ...
CVE-2006-0208Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5 ...
CVE-2006-0207Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow re ...
CVE-2006-0200Format string vulnerability in the error-reporting feature in the mysq ...
CVE-2006-0097Stack-based buffer overflow in the create_named_pipe function in libmy ...
CVE-2005-4154Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows u ...
CVE-2005-3883CRLF injection vulnerability in the mb_send_mail function in PHP befor ...
CVE-2005-3392Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...
CVE-2005-3391Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...
CVE-2005-3390The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5 ...
CVE-2005-3389The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, whe ...
CVE-2005-3388Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...
CVE-2005-3353The exif_read_data function in the Exif module in PHP before 4.4.1 all ...
CVE-2005-3319The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php ...
CVE-2005-3054fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not p ...
CVE-2005-2498Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML- ...
CVE-2002-1954Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...

Security announcements

DSA / DLA Description
ELA-933-1 php5 - security update
ELA-849-1 php5 - security update
ELA-777-1 php5 - security update
ELA-503-1 php5 - security update
ELA-457-1 php5 - security update
ELA-293-1 php5 - security update
DLA-2261-1 php5 - security update
ELA-231-1 php5 - security update
ELA-227-1 php5 - security update
DLA-2188-1 php5 - security update
ELA-220-1 php5 - security update
DLA-2160-1 php5 - security update
ELA-216-1 php5 - security update
DLA-2124-1 php5 - security update
ELA-204-1 php5 - security update
DLA-2050-1 php5 - security update
DLA-1970-1 php5 - security update
ELA-183-1 php5 - security update
DLA-1928-1 php5 - security update
DLA-1878-1 php5 - security update
ELA-152-1 php5 - security update
DLA-1813-1 php5 - security update
ELA-128-1 php5 - security update
DLA-1803-1 php5 - security update
ELA-120-1 php5 - security update
ELA-108-1 php5 - security update
DLA-1741-1 php5 - security update
ELA-91-1 php5 - security update
ELA-86-1 php5 - security update
DLA-1679-1 php5 - security update
DLA-1674-1 php5 - security update
ELA-83-1 php5 - security update
DLA-1608-1 php5 - security update
ELA-67-1 php5 - security update
DLA-1509-1 php5 - security update
ELA-43-1 php5 - security update
DLA-1490-1 php5 - security update
ELA-32-1 php5 - security update
DLA-1397-1 php5 - security update
DLA-1373-1 php5 - security update
DLA-1326-1 php5 - security update
DLA-1251-1 php5 - security update
DSA-4081-1 php5 - security update
DLA-1076-1 php5 - security update
DLA-1066-1 php5 - security update
DLA-1034-1 php5 - security update
DLA-875-1 php5 - security update
DSA-3783-1 php5 - security update
DLA-818-1 php5 - security update
DSA-3737-1 php5 - security update
DLA-749-1 php5 - security update
DSA-3732-1 php5 - security update
DSA-3698-1 php5 - security update
DSA-3689-1 php5 - security update
DLA-628-1 php5 - security update
DSA-3631-1 php5 - security update
DSA-3618-1 php5 - security update
DLA-533-1 php5 - security update
DSA-3602-1 php5 - security update
DLA-499-1 php5 - security update
DSA-3560-1 php5 - security update
DLA-444-1 php5 - security update
DLA-341-1 php5 - security update
DSA-3380-1 php5 - security update
DSA-3358-1 php5 - security update
DLA-307-1 php5 - security update
DSA-3344-1 php5 - security update
DSA-3280-1 php5 - security update
DLA-212-1 php5 - security update
DSA-3198-2 php5 - regression update
DSA-3198-1 php5 - security update
DSA-3195-1 php5 - security update
DLA-145-2 php5 - regression update
DLA-145-1 php5 - security update
DSA-3126-1 php5 - security update
DSA-3117-1 php5 - security update
DLA-94-1 php5 - security update
DSA-3074-2 php5 - regression update
DSA-3074-1 php5 - security update
DSA-3064-1 php5 - security update
DLA-67-1 php5 - security update
DSA-3008-1 php5 - security update
DLA-0018-1 php5 - security update
DSA-2974-1 php5 - security update
DLA-0010-1 php5 - security update
DSA-2961-1 php5 - security update
DSA-2943-1 php5 - security update
DSA-2868-1 php5 - denial of service
DSA-2816-1 php5 - several
DSA-2742-1 php5 - interpretation conflict
DSA-2723-1 php5 - heap corruption
DSA-2639-1 php5 - several vulnerabilities
DSA-2527-1 php5 - several
DSA-2492-1 php5 - buffer overflow
DSA-2465-1 php5 - several
DSA-2408-1 php5 - several
DSA-2403-1 php5 - code injection
DSA-2399-1 php5 - several
DSA-2266-1 php5 - several
DSA-2195-1 php5 - several
DSA-2089-1 php5 - several vulnerabilities
DSA-2018-1 php5 - null pointer dereference
DSA-2001-1 php5 - multiple vulnerabilities
DSA-1940-1 php5 - multiple issues
DSA-1789-1 php5 - several vulnerabilities
DSA-1647-1 php5 - several vulnerabilities
DSA-1572-1 php5 - several vulnerabilities
DSA-1444-1 php5 several issues
DSA-1330-1 php5 - several vulnerabilities
DSA-1295-1 php5
DSA-1283-1 php5
