CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0CVE-2016-9933 – gd: Stack overflow in gdImageFillToBorder on truecolor images
https://notcve.org/view.php?id=CVE-2016-9933
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. Vulnerabilidad de consumo de pila en la función gdImageFillToBorder en gd.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.2, como se utiliza en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13, permite a atacantes remotos provocar una denegación de servicio (violación de segmentación) a través de una llamada imagefilltoborder manipulada que desencadena el uso de un valor de color negativo. An infinite recursion flaw was found in the gdImageFillToBorder() function from the gd library; also used by PHP imagefilltoborder() function, when passing a negative integer as the color parameter, triggering a stack overflow. A remote attacker with ability to force a negative color identifier when calling the function could crash the PHP application, causing a Denial of Service. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html http://www.debian.org/security/2017/dsa-3751 http://www.openwall.com/lists/oss-security/2016/12/12/2 http://www.php.net/ChangeLog-5.php http://www.p • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 14EXPL: 0CVE-2016-9934 – php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
https://notcve.org/view.php?id=CVE-2016-9934
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través datos serializados manipulados en un documento wddxPacket XML, como se demuestra por una cadena PDORow. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html http://www.openwall.com/lists/oss-security/2016/12/12/2 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/94845 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73331 https://github.c • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 0CVE-2016-9935 – php: Invalid read when wddx decodes empty boolean element
https://notcve.org/view.php?id=CVE-2016-9935
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. La función php_wddx_push_element en ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.29 y 7.x en versiones anteriores a 7.0.14 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango y corrupción de memoria) o posiblemente tener otro impacto no especificado de un elemento booleano vacío en un documento wddxPacket XML. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html http://www.debian.org/security/2016/dsa-3737 http://www.openwall.com/lists/oss-security/2016/12/12/2 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/94846 https://access.redhat.com/errata/RHSA-2018:1296 https://bug • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 0CVE-2016-8670
https://notcve.org/view.php?id=CVE-2016-8670
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. Error de firma de enteros en la función dynamicGetbuf en gd_io_dp.c en la librería de gráficos GD (también conocido como libgd) hasta la versión 2.2.3 como se utiliza en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en pila) o posiblemente tener otro impacto no especificado a través de una llamada manipulada imagecreatefromstring. • http://www.debian.org/security/2016/dsa-3693 http://www.openwall.com/lists/oss-security/2016/10/15/1 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/93594 https://bugs.php.net/bug.php?id=73280 https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9 https://support.f5.com/csp/article/K21336065?utm_source=f5support&%3Butm_medium=RSS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2016-7411
https://notcve.org/view.php?id=CVE-2016-7411
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. ext/standard/var_unserializer.re en PHP en versiones anteriores a 5.6.26 no maneja correctamente los fallos de deserialización de objeto, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o tener otro posible impacto no especificado a través de una llamada no serializada que referencia a un objeto construido parcialmente. • http://www.openwall.com/lists/oss-security/2016/09/15/10 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/93009 http://www.securitytracker.com/id/1036836 https://bugs.php.net/bug.php?id=73052 https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1 https://security.gentoo.org/glsa/201611-22 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •