| Bug | Description |
|---|
| TEMP-0000000-F26C42 | Type confusion vulnerability in WDDX packet deserialization |
| TEMP-0000000-EA5272 | NULL Pointer Dereference in phar_tar_setupmetadata() |
| TEMP-0000000-D591DC | Integer overflow in iptcembed() |
| TEMP-0000000-B391CA | exec functions ignore length but look for NULL termination |
| TEMP-0000000-A9D025 | Crash on bad SOAP request |
| CVE-2023-3824 | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ... |
| CVE-2023-3823 | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ... |
| CVE-2023-3247 | In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before ... |
| CVE-2023-0662 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ... |
| CVE-2023-0568 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ... |
| CVE-2023-0567 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ... |
| CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ... |
| CVE-2022-31631 | |
| CVE-2022-31630 | In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imagelo ... |
| CVE-2022-31629 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ... |
| CVE-2022-31628 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ... |
| CVE-2022-31627 | In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ... |
| CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ... |
| CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ... |
| CVE-2022-4900 | A vulnerability was found in PHP where setting the environment variabl ... |
| CVE-2021-21708 | In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x belo ... |
| CVE-2021-21707 | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ... |
| CVE-2021-21706 | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ... |
| CVE-2021-21705 | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ... |
| CVE-2021-21704 | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ... |
| CVE-2021-21703 | In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ... |
| CVE-2021-21702 | In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ... |
| CVE-2020-7071 | In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ... |
| CVE-2020-7070 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ... |
| CVE-2020-7069 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ... |
| CVE-2020-7068 | In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ... |
| CVE-2020-7067 | In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ... |
| CVE-2020-7066 | In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ... |
| CVE-2020-7065 | In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ... |
| CVE-2020-7064 | In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ... |
| CVE-2020-7063 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ... |
| CVE-2020-7062 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ... |
| CVE-2020-7061 | In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ... |
| CVE-2020-7060 | When using certain mbstring functions to convert multibyte encodings, ... |
| CVE-2020-7059 | When using fgetss() function to read data with stripping tags, in PHP ... |
| CVE-2019-18218 | cdf_read_property_info in cdf.c in file through 5.37 does not restrict ... |
| CVE-2019-13224 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ... |
| CVE-2019-11050 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
| CVE-2019-11049 | In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ... |
| CVE-2019-11048 | In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ... |
| CVE-2019-11047 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
| CVE-2019-11046 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ... |
| CVE-2019-11045 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ... |
| CVE-2019-11044 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ... |
| CVE-2019-11043 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ... |
| CVE-2019-11042 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
| CVE-2019-11041 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
| CVE-2019-11040 | When PHP EXIF extension is parsing EXIF information from an image, e.g ... |
| CVE-2019-11039 | Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.3 ... |
| CVE-2019-11038 | When using the gdImageCreateFromXbm() function in the GD Graphics Libr ... |
| CVE-2019-11036 | When processing certain files, PHP EXIF extension in versions 7.1.x be ... |
| CVE-2019-11035 | When processing certain files, PHP EXIF extension in versions 7.1.x be ... |
| CVE-2019-11034 | When processing certain files, PHP EXIF extension in versions 7.1.x be ... |
| CVE-2019-9675 | An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3. ... |
| CVE-2019-9641 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
| CVE-2019-9640 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
| CVE-2019-9639 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
| CVE-2019-9638 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ... |
| CVE-2019-9637 | An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and ... |
| CVE-2019-9024 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
| CVE-2019-9023 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
| CVE-2019-9022 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ... |
| CVE-2019-9021 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
| CVE-2019-9020 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ... |
| CVE-2018-20783 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2. ... |
| CVE-2018-19935 | ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote atta ... |
| CVE-2018-19518 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ... |
| CVE-2018-19396 | ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attac ... |
| CVE-2018-19395 | ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attacke ... |
| CVE-2018-17082 | The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x ... |
| CVE-2018-15132 | An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ... |
| CVE-2018-14884 | An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ... |
| CVE-2018-14883 | An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1 ... |
| CVE-2018-14851 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ... |
| CVE-2018-12882 | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allo ... |
| CVE-2018-10549 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ... |
| CVE-2018-10548 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ... |
| CVE-2018-10547 | An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36 ... |
| CVE-2018-10546 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ... |
| CVE-2018-10545 | An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1 ... |
| CVE-2018-7584 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ... |
| CVE-2018-5712 | An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1 ... |
| CVE-2018-5711 | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP bef ... |
| CVE-2017-16642 | In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an e ... |
| CVE-2017-12934 | ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ... |
| CVE-2017-12933 | The finish_nested_data function in ext/standard/var_unserializer.re in ... |
| CVE-2017-12932 | ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ... |
| CVE-2017-11628 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a sta ... |
| CVE-2017-11362 | In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/ms ... |
| CVE-2017-11147 | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler c ... |
| CVE-2017-11145 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an er ... |
| CVE-2017-11144 | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ... |
| CVE-2017-11143 | In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ... |
| CVE-2017-11142 | In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ... |
| CVE-2017-7890 | The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in th ... |
| CVE-2017-5340 | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ... |
| CVE-2016-10712 | In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all o ... |
| CVE-2016-10397 | In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of vari ... |
| CVE-2016-10168 | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ... |
| CVE-2016-10167 | The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ... |
| CVE-2016-10162 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ... |
| CVE-2016-10161 | The object_common1 function in ext/standard/var_unserializer.c in PHP ... |
| CVE-2016-10160 | Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ... |
| CVE-2016-10159 | Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ... |
| CVE-2016-10158 | The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ... |
| CVE-2016-9936 | The unserialize implementation in ext/standard/var.c in PHP 7.x before ... |
| CVE-2016-9935 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ... |
| CVE-2016-9934 | ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ... |
| CVE-2016-9933 | Stack consumption vulnerability in the gdImageFillToBorder function in ... |
| CVE-2016-9138 | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ... |
| CVE-2016-9137 | Use-after-free vulnerability in the CURLFile implementation in ext/cur ... |
| CVE-2016-7568 | Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ... |
| CVE-2016-7480 | The SplObjectStorage unserialize implementation in ext/spl/spl_observe ... |
| CVE-2016-7479 | In all versions of PHP 7, during the unserialization process, resizing ... |
| CVE-2016-7478 | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ... |
| CVE-2016-7418 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ... |
| CVE-2016-7417 | ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceed ... |
| CVE-2016-7416 | ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x bef ... |
| CVE-2016-7414 | The ZIP signature-verification feature in PHP before 5.6.26 and 7.x be ... |
| CVE-2016-7413 | Use-after-free vulnerability in the wddx_stack_destroy function in ext ... |
| CVE-2016-7412 | ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ... |
| CVE-2016-7411 | ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles objec ... |
| CVE-2016-7134 | ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a l ... |
| CVE-2016-7133 | Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabl ... |
| CVE-2016-7132 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ... |
| CVE-2016-7131 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ... |
| CVE-2016-7130 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6 ... |
| CVE-2016-7129 | The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ... |
| CVE-2016-7128 | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ... |
| CVE-2016-7127 | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ... |
| CVE-2016-7126 | The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ... |
| CVE-2016-7125 | ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ... |
| CVE-2016-7124 | ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7. ... |
| CVE-2016-6297 | Integer overflow in the php_stream_zip_opener function in ext/zip/zip_ ... |
| CVE-2016-6296 | Integer signedness error in the simplestring_addn function in simplest ... |
| CVE-2016-6295 | ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef ... |
| CVE-2016-6294 | The locale_accept_from_http function in ext/intl/locale/locale_methods ... |
| CVE-2016-6292 | The exif_process_user_comment function in ext/exif/exif.c in PHP befor ... |
| CVE-2016-6291 | The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ... |
| CVE-2016-6290 | ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ... |
| CVE-2016-6289 | Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ... |
| CVE-2016-6207 | Integer overflow in the _gdContributionsAlloc function in gd_interpola ... |
| CVE-2016-6128 | The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ... |
| CVE-2016-5773 | php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ... |
| CVE-2016-5772 | Double free vulnerability in the php_wddx_process_data function in wdd ... |
| CVE-2016-5771 | spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ... |
| CVE-2016-5770 | Integer overflow in the SplFileObject::fread function in spl_directory ... |
| CVE-2016-5769 | Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ... |
| CVE-2016-5768 | Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ... |
| CVE-2016-5767 | Integer overflow in the gdImageCreate function in gd.c in the GD Graph ... |
| CVE-2016-5766 | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ... |
| CVE-2016-5399 | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ... |
| CVE-2016-5385 | PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ... |
| CVE-2016-5093 | The get_icu_value_internal function in ext/intl/locale/locale_methods. ... |
| CVE-2016-4544 | The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ... |
| CVE-2016-4543 | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ... |
| CVE-2016-4542 | The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ... |
| CVE-2016-4541 | The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ... |
| CVE-2016-4540 | The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c i ... |
| CVE-2016-4539 | The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5. ... |
| CVE-2016-4538 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ... |
| CVE-2016-4537 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ... |
| CVE-2016-4346 | Integer overflow in the str_pad function in ext/standard/string.c in P ... |
| CVE-2016-4345 | Integer overflow in the php_filter_encode_url function in ext/filter/s ... |
| CVE-2016-4344 | Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in P ... |
| CVE-2016-4343 | The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ... |
| CVE-2016-4342 | ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and ... |
| CVE-2016-4073 | Multiple integer overflows in the mbfl_strcut function in ext/mbstring ... |
| CVE-2016-4072 | The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ... |
| CVE-2016-4071 | Format string vulnerability in the php_snmp_error function in ext/snmp ... |
| CVE-2016-4070 | Integer overflow in the php_raw_url_encode function in ext/standard/ur ... |
| CVE-2016-3185 | The make_http_soap_request function in ext/soap/php_http.c in PHP befo ... |
| CVE-2016-3132 | Double free vulnerability in the SplDoublyLinkedList::offsetSet functi ... |
| CVE-2016-3078 | Multiple integer overflows in php_zip.c in the zip extension in PHP be ... |
| CVE-2016-3074 | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or li ... |
| CVE-2016-2554 | Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5. ... |
| CVE-2016-1904 | Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7. ... |
| CVE-2016-1903 | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolatio ... |
| CVE-2015-8994 | An issue was discovered in PHP 5.x and 7.x, when the configuration use ... |
| CVE-2015-8880 | Double free vulnerability in the format printer in PHP 7.x before 7.0. ... |
| CVE-2015-8879 | The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ... |
| CVE-2015-8877 | The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ... |
| CVE-2015-8876 | Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ... |
| CVE-2015-8874 | Stack consumption vulnerability in GD in PHP before 5.6.12 allows remo ... |
| CVE-2015-8867 | The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ... |
| CVE-2015-8865 | The file_check_mem function in funcs.c in file before 5.23, as used in ... |
| CVE-2015-8617 | Format string vulnerability in the zend_throw_or_error function in Zen ... |
| CVE-2015-8616 | Use-after-free vulnerability in the Collator::sortWithSortKeys functio ... |
| CVE-2013-7456 | gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ... |