CVE-2016-10158 – php: Wrong calculation in exif_convert_any_to_int function
https://notcve.org/view.php?id=CVE-2016-10158
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. La función exif_convert_any_to_int en ext/exif/exif.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15, y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de datos EXIF manipulados que desencadenan un intento de dividir el entero negativo mínimo representable por -1. It was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.debian.org/security/2017/dsa-3783 http://www.securityfocus.com/bid/95764 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73737 https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea https://security.gentoo.org/glsa/201702-29 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.tenable.co • CWE-189: Numeric Errors CWE-682: Incorrect Calculation •
CVE-2016-10159 – php: Integer overflow in phar_parse_pharfile
https://notcve.org/view.php?id=CVE-2016-10159
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. Desbordamiento de entero en la función phar_parse_pharfile en ext/phar/phar.c en PHP en versiones anteriores a 5.6.30 y 7.0.x en versiones anteriores a 7.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o caída de aplicación) a través de una entrada de manifiesto truncado en un archivo PHAR. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.debian.org/security/2017/dsa-3783 http://www.securityfocus.com/bid/95774 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73764 https://github.com/php/php-src/commit/ca46d0acbce55019b970fcd4c1e8a10edfdded93 https://security.gentoo.org/glsa/201702-29 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.tenable.co • CWE-190: Integer Overflow or Wraparound •
CVE-2016-10161 – php: Out-of-bounds heap read on unserialize in finish_nested_data()
https://notcve.org/view.php?id=CVE-2016-10161
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. La función object_common1 en ext/standard/var_unserializer.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer y caída de aplicación) a través de datos serializados manipulados que se maneja mal en una llamada finish_nested_data. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.debian.org/security/2017/dsa-3783 http://www.securityfocus.com/bid/95768 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73825 https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2 https://security.gentoo.org/glsa/201702-29 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.tenable.co • CWE-125: Out-of-bounds Read •
CVE-2014-9912
https://notcve.org/view.php?id=CVE-2014-9912
The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument. La función get_icu_disp_value_src_php en ext/intl/locale/locale_methods.c en PHP en versiones anteriores a 5.3.29, 5.4.x en versiones anteriores a 5.4.30 y 5.5.x en versiones anteriores a 5.5.14 no restringe correctamente las llamadas del componente ICU uresbund.cpp, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer) o posiblemente tener otro impacto no especificado a través de una llamada locale_get_display_name con un primer argumento largo. • http://www.openwall.com/lists/oss-security/2016/11/25/1 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/68549 https://bugs.php.net/bug.php?id=67397 https://bugzilla.redhat.com/show_bug.cgi?id=1383569 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-9137
https://notcve.org/view.php?id=CVE-2016-9137
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. Vulnerabilidad de uso después de liberación de memoria en la implementación de CURLFile en ext/curl/curl_file.c en PHP en versiones anteriores a 5.6.27 y 7.x en versiones anteriores a 7.0.12 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de datos serializados manipulados que no maneja adecuadamente durante el procesamiento de __wakeup. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0e6fe3a4c96be2d3e88389a5776f878021b4c59f http://www.debian.org/security/2016/dsa-3698 http://www.openwall.com/lists/oss-security/2016/11/01/2 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/93577 https://bugs.php.net/bug.php?id=73147 https://www.tenable.com/security/tns-2016-19 • CWE-416: Use After Free •