PHP 7.3

Argument Injection in PHP-CGI

php: Overflowing the length of string causes crash

oniguruma: Use-after-free in onig_new_deluxe() in regext.c

php: Invalid memory access in function xmlrpc_decode()

php: Heap-based buffer over-read in PHAR reading functions

php: Heap-based buffer over-read in mbstring regular expression functions

php: Negative size parameter in mb_split

php: Uninitialized read in exif_process_IFD_in_TIFF

Heap over-read in PHP EXIF extension

Heap over-read in PHP EXIF extension

Heap over-read in PHP EXIF extension

Out-of-bounds read in iconv.c

Heap buffer overflow in EXIF extension

gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c

Underflow in PHP-FPM can lead to RCE

php: buffer overflow in ext/phar/tar.c

PHP-FPM memory access in root process leading to privilege escalation

oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c

php: Buffer over-read in PHAR reading functions

php: imap_open() allows running arbitrary shell commands via mailbox parameter

php: NULL pointer dereference in ext/imap/php_imap.c resulting in a denial of service

php: memcpy with negative length via crafted DNS response

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

php: File rename across filesystems may allow unwanted access during processing

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

php: Invalid read in exif_process_SOFn()

Null Pointer Dereference in PHP Session Upload Progress

OOB Read in urldecode()

mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full

heap-buffer-overflow on exif_process_user_comment in EXIF extension

heap-buffer-overflow on exif_scan_thumbnail in EXIF extension

$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

php: Infinite loop in php-fpm when restarting a child using program execution function

mail() may release string with refcount==1 twice

OOB read in php_strip_tags_ex

global buffer-overflow in mbfl_filt_conv_big5_wchar

heap-buffer-overflow in phar_extract_file

Use-of-uninitialized-value in exif

Files added to tar with Phar::buildFromIterator have all-access permissions

Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV

Filter bypass in filter_var (FILTER_VALIDATE_URL)

Uninitialized read in gdImageCreateFromXbm

Temporary files are not cleaned after OOM when parsing HTTP request data

get_headers() silently truncates after a null byte

FILTER_VALIDATE_URL accepts URLs with invalid userinfo

Null Dereference in SoapClient

ZipArchive::extractTo may extract outside of destination dir

Special characters break path parsing in XML functions

Multiple vulnerabilities in Firebird client extension

Heap-buffer-overflow READ in exif

Use-after-free in exif parsing under memory sanitizer

Use of freed hash key in the phar_parse_zipfile function

PHP parses encoded cookie names so malicious `__Host-` cookies can be sent

Incorrect URL validation in FILTER_VALIDATE_URL

link() silently truncates after a null byte on Windows

DirectoryIterator class silently truncates after a null byte

Buffer underflow in bc_shift_addsub

phar wrapper can occur dos when using quine gzip file