PHP 7.0

Argument Injection in PHP-CGI

php: Use After Free Vulnerability in PHP's GC algorithm and unserialize

php: Use after free in unserialize() with Unexpected Session Deserialization

php: Int/size_t confusion in SplFileObject::fread

php: Double free in SplDoublyLinkedList::offsetSet

php: Heap-based buffer over-read in PHAR reading functions

php: Invalid memory access in function xmlrpc_decode()

php: Uninitialized read in exif_process_IFD_in_TIFF

php: Double free vulnerability in error condition of format printer

php: Integer overflow in gdImageWebpCtx

php: Overflowing the length of string causes crash

php: Stack based buffer overflow in dynamicGetbuf

php: Use after free in unserialize()

php: Use after free in unserialize() via DateInterval::__wakeup()

php: Format string vulnerability in class name error message

php: buffer overflow in handling of long link names in tar phar archives

pcre: Integer overflow caused by missing check for certain conditions (8.38/31)

pcre: inefficient posix character class syntax check (8.38/16)

pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)

pcre: infinite recursion in JIT compiler when processing certain patterns (8.38/21)

pcre: Buffer overflow caused by lookbehind assertion (8.38/6)

pcre: Buffer overflow caused by repeated conditional group (8.38/3)

php: Multiple heap overflows due to integer overflows

php: Multiple heap overflows due to integer overflows

php: Multiple heap overflows due to integer overflows

php: Format string vulnerability in php_snmp_error()

php: Invalid memory write in phar on filename containing \0 inside name

php: mb_strcut() Negative size parameter in memcpy

php: Heap overflow caused by integer overflow when reading zip files in ZipArchive

php: xml_parse_into_struct() can crash when XML parser is re-used

php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used

php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used

php: Signedness vulnerability causing heap overflow in libgd

php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input

php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input

php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input

php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize

php: Double Free Corruption in wddx_deserialize

php: Invalid free() instead of efree() in phar_extract_file()

php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows

php: Double free in _php_mb_regex_ereg_replace_exec

php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c

php: Use after free in SNMP with GC and unserialize()

php: Out-of-bounds access in locale_accept_from_http

php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE

php: wddx_deserialize allows illegal memory access

php: imagegammacorrect allows arbitrary write access

php: select_colors write out-of-bounds

php: Heap overflow in curl_escape

php: bypass __wakeup() in deserialization of an unexpected object

php: Use after free in wddx_deserialize

php: Missing type check when unserializing SplArray

php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile

php: Invalid read when wddx decodes empty boolean element

php: Use After Free in unserialize()

php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive

php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object

php: Use of uninitialized memory in unserialize()

oniguruma: Out-of-bounds heap write in bitset_set_range()

oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching

oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation

oniguruma: Out-of-bounds stack read in match_at() during regular expression searching

php: Stack-based buffer over-read in msgfmt_parse_message function

php: buffer over-read in finish_nested_data function

php: Heap use after free in ext/standard/var_unserializer.re

pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)

php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response

php: libxml_disable_entity_loader setting is shared between threads

php: Out-of-bounds memory read via gdImageRotateInterpolated

php: out-of-bounds write in fpm_log.c

php: Out-of-bounds read in phar_parse_pharfile

php: Uninitialized pointer in phar_make_dirstream()

php: use of uninitialized pointer in PharFileInfo::getContent

gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow

gd: Integer overflow in _gd2GetHeader() resulting in heap overflow

php: Stack-based buffer overflow vulnerability in php_stream_zip_opener

php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

php: Use after free vulnerability in Collator::sortWithSortKeys

php: improper nul termination leading to out-of-bounds read in get_icu_value_internal

PHP: sets environmental variable based on user supplied Proxy request header

php: memory allocator fails to realloc small block to large one

php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field

php: Improper error handling in bzread()

php: Integer overflow leads to buffer overflow in virtual_file_ex

php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c

gd: incorrect boundary adjustment in _gdContributionsCalc

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

php: File rename across filesystems may allow unwanted access during processing

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

gd: Invalid color index not properly handled

php: Unserialize Exception object can lead to infinite loop

php: Zend OPCache code permission/sensitive data protection issues

php: Incorrect handling of URI components in URL parser

php: Output of stream_get_meta_data can be falsified by its input

php: misparsing fsockopen calls in main/streams/xp_socket.c leads to information disclosure

php: openssl_random_pseudo_bytes() is not cryptographically secure

php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns

gd: gdImageFillToBorder deep recursion leading to stack overflow

pcre: pcregrep -q is not always quiet (8.38/28)

php: Integer overflow in php_raw_url_encode

php: wddx_deserialize null dereference in php_wddx_pop_element

php: wddx_deserialize null dereference with invalid xml

php: wddx_deserialize null dereference

php: Session Data Injection Vulnerability

php: Null pointer dereference in php_wddx_push_element

php: Stack based buffer overflow in msgfmt_format_message

php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow

gd: Stack overflow in gdImageFillToBorder on truecolor images

php: Integer overflow in phar_parse_pharfile

php: Wrong calculation in exif_convert_any_to_int function

php: Null pointer dereference when unserializing PHP object

php: Out-of-bounds heap read on unserialize in finish_nested_data()

php: Denial-of-Service via injecting long form variables

php: Incorrect return value check of OpenSSL sealing function leads to crash

oniguruma: Invalid pointer dereference in left_adjust_char_head()

php: wddx_deserialize() heap out-of-bound read via php_parse_date()

php: heap use after free in ext/standard/var_unserializer.re

php: Incorrect WDDX deserialization of boolean parameters leads to DoS

php: Out-of-bound read in timelib_meridian()

php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c

php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply

php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service

php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract()

php: imap_open() allows running arbitrary shell commands via mailbox parameter

php: Serializing or unserializing COM objects crashes

php: NULL pointer dereference in ext/imap/php_imap.c resulting in a denial of service

php: Buffer over-read in PHAR reading functions

php: potential SSRF via fsockopen

php: Arbitrary code execution in str_ireplace function

php: heap buffer overflow in escapeshell functions

pcre: Integer overflow in subroutine calls (8.38/8)

file: Buffer over-write in finfo_open with malformed magic file

php: Type confusion vulnerability in make_http_soap_request()

php: uninitialized pointer in phar_make_dirstream()

php: Infinite loop in php-fpm when restarting a child using program execution function

$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

php,gd: Integer overflow error within _gdContributionsAlloc()

php: Null pointer dereference in exif_process_user_comment

php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function

php: Reflected XSS vulnerability on PHAR 403 and 404 error pages

php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request

php: Reflected XSS on PHAR 404 page

php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()

gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c

php: Memory Leakage In exif_process_IFD_in_TIFF

php: Dumpable FPM child processes allow bypassing opcache access controls

php: ZipArchive:: extractTo allows for directory traversal when creating directories

phar wrapper can occur dos when using quine gzip file