Page 13 of 294 results (0.023 seconds)

CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 0

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. La función php_wddx_push_element en ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.29 y 7.x en versiones anteriores a 7.0.14 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango y corrupción de memoria) o posiblemente tener otro impacto no especificado de un elemento booleano vacío en un documento wddxPacket XML. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html http://www.debian.org/security/2016/dsa-3737 http://www.openwall.com/lists/oss-security/2016/12/12/2 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/94846 https://access.redhat.com/errata/RHSA-2018:1296 https://bug • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. Vulnerabilidad de consumo de pila en la función gdImageFillToBorder en gd.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.2, como se utiliza en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13, permite a atacantes remotos provocar una denegación de servicio (violación de segmentación) a través de una llamada imagefilltoborder manipulada que desencadena el uso de un valor de color negativo. An infinite recursion flaw was found in the gdImageFillToBorder() function from the gd library; also used by PHP imagefilltoborder() function, when passing a negative integer as the color parameter, triggering a stack overflow. A remote attacker with ability to force a negative color identifier when calling the function could crash the PHP application, causing a Denial of Service. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html http://www.debian.org/security/2017/dsa-3751 http://www.openwall.com/lists/oss-security/2016/12/12/2 http://www.php.net/ChangeLog-5.php http://www.p • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 0

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. Error de firma de enteros en la función dynamicGetbuf en gd_io_dp.c en la librería de gráficos GD (también conocido como libgd) hasta la versión 2.2.3 como se utiliza en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en pila) o posiblemente tener otro impacto no especificado a través de una llamada manipulada imagecreatefromstring. • http://www.debian.org/security/2016/dsa-3693 http://www.openwall.com/lists/oss-security/2016/10/15/1 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/93594 https://bugs.php.net/bug.php?id=73280 https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9 https://support.f5.com/csp/article/K21336065?utm_source=f5support&amp%3Butm_medium=RSS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 1

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. La funcionalidad de verificación de firma ZIP en PHP en versiones anteriores a 5.6.26 y 7.x en versiones anteriores a 7.0.11 no asegura que el campo uncompressed_filesize sea suficientemente grande, lo que podría permitir a atacantes remotos provocar una denegación de servicio (acceso a memoria fuera de límites) o tener otro posible impacto no especificado a través de una archivo PHAR manipulado, relacionado con ext/phar/util.c y ext/phar/zip.c. • http://www.openwall.com/lists/oss-security/2016/09/15/10 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/93004 http://www.securitytracker.com/id/1036836 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=72928 https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1 https://security.gentoo.org/glsa/201611-22 https://www.tenable.com/security/tns-2016-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 3%CPEs: 12EXPL: 1

ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. ext/intl/msgformat/msgformat_format.c en PHP en versiones anteriores a 5.6.26 y 7.x en versiones anteriores a 7.0.11 no restringe adecuadamente la longitud proporcionada a locale para la clase Locale en la libreria ICU, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o tener otro posible impacto no especificado a través de una llamada MessageFormatter::formatMessage con un primer argumento grande. • http://www.openwall.com/lists/oss-security/2016/09/15/10 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/93008 http://www.securitytracker.com/id/1036836 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73007 https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1 https://security.gentoo.org/glsa/201611-22 https://www.tenable.com/security/tns-2016-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •