PHP 7.1

Argument Injection in PHP-CGI

php: Use of uninitialized value in SplObjectStorag::unserialize

php: Segfault in i_zval_ptr_dtor()

php: Overflowing the length of string causes crash

php: Integer overflow in mysqli_api.c:mysqli_real_escape_string()

php: Use After Free in unserialize()

php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive

php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object

php: Use of uninitialized memory in unserialize()

oniguruma: Out-of-bounds heap write in bitset_set_range()

oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching

oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation

oniguruma: Out-of-bounds stack read in match_at() during regular expression searching

php: Stack-based buffer over-read in msgfmt_parse_message function

php: buffer over-read in finish_nested_data function

php: Heap use after free in ext/standard/var_unserializer.re

pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)

oniguruma: Use-after-free in onig_new_deluxe() in regext.c

php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response

php: Invalid memory access in function xmlrpc_decode()

php: Heap-based buffer over-read in PHAR reading functions

php: Heap-based buffer over-read in mbstring regular expression functions

php: Uninitialized read in exif_process_IFD_in_TIFF

php: libxml_disable_entity_loader setting is shared between threads

php: Out-of-bounds read in phar_parse_pharfile

Heap over-read in PHP EXIF extension

Heap over-read in PHP EXIF extension

Heap over-read in PHP EXIF extension

Out-of-bounds read in iconv.c

Heap buffer overflow in EXIF extension

php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c

Underflow in PHP-FPM can lead to RCE

php: buffer overflow in ext/phar/tar.c

php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c

php: Null pointer dereference via crafted "declare(ticks="

php: Out of bounds access in php_pcre.c:php_pcre_replace_impl()

php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow

gd: Stack overflow in gdImageFillToBorder on truecolor images

php: Integer overflow in phar_parse_pharfile

php: Wrong calculation in exif_convert_any_to_int function

php: Null pointer dereference when unserializing PHP object

php: Out-of-bounds heap read on unserialize in finish_nested_data()

php: Denial-of-Service via injecting long form variables

oniguruma: Invalid pointer dereference in left_adjust_char_head()

php: Incorrect return value check of OpenSSL sealing function leads to crash

php: wddx_deserialize() heap out-of-bound read via php_parse_date()

php: heap use after free in ext/standard/var_unserializer.re

php: Incorrect WDDX deserialization of boolean parameters leads to DoS

php: Out-of-bound read in timelib_meridian()

php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c

php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply

php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service

php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract()

php: imap_open() allows running arbitrary shell commands via mailbox parameter

php: Serializing or unserializing COM objects crashes

php: NULL pointer dereference in ext/imap/php_imap.c resulting in a denial of service

php: Buffer over-read in PHAR reading functions

php: memcpy with negative length via crafted DNS response

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

php: File rename across filesystems may allow unwanted access during processing

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

php: Invalid read in exif_process_SOFn()

php: potential SSRF via fsockopen

heap-buffer-overflow on exif_process_user_comment in EXIF extension

heap-buffer-overflow on exif_scan_thumbnail in EXIF extension

$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

php: Infinite loop in php-fpm when restarting a child using program execution function

php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function

php: Reflected XSS vulnerability on PHAR 403 and 404 error pages

php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request

php: Reflected XSS on PHAR 404 page

php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()

gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c

Uninitialized read in gdImageCreateFromXbm

php: Dumpable FPM child processes allow bypassing opcache access controls

phar wrapper can occur dos when using quine gzip file