CVE-2016-5769
https://notcve.org/view.php?id=CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. Múltiples desbordamientos de entero en mcrypt.c en la extensión mcrypt en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de un valor de longitud manipulado, relacionado con las funciones (1) mcrypt_generic y (2) mdecrypt_generic. • http://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0?w=1 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.debian.org/security/2016/dsa-3618 http://www. • CWE-190: Integer Overflow or Wraparound •
CVE-2016-5768 – php: Double free in _php_mb_regex_ereg_replace_exec
https://notcve.org/view.php?id=CVE-2016-5768
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. Vulnerabilidad de liberación doble en la función _php_mb_regex_ereg_replace_exec en php_mbregex.c en la extensión mbstring en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (caída de aplicación) mediante el aprovechamiento de una excepción de devolución de llamada. A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. • http://github.com/php/php-src/commit/5b597a2e5b28e2d5a52fc1be13f425f08f47cb62?w=1 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/securit • CWE-415: Double Free CWE-416: Use After Free •
CVE-2016-5771 – php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://notcve.org/view.php?id=CVE-2016-5771
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. spl_array.c en la extension SPL en PHP en versiones anteriores a 5.5.37 y 5.6.x en versiones anteriores a 5.6.23 interactúa incorrectamente con la implementación no serializada y la recolección de basura, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (uso después de liberación y caída de aplicación) a través de datos serializados manipulados. • http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3618 http://www.openwall.com/lists/oss-security/2016/06/23/4 http: • CWE-416: Use After Free •
CVE-2016-5770 – php: Int/size_t confusion in SplFileObject::fread
https://notcve.org/view.php?id=CVE-2016-5770
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. Desbordamiento de entero en la función SplFileObject::fread en spl_directory.c en la extensión SPL en PHP en versiones anteriores a 5.5.37 y 5.6.x en versiones anteriores 5.6.23 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un argumento de entero grande, un problema relacionado con CVE-2016-5096. A type confusion issue was found in the SPLFileObject fread() function. A remote attacker able to submit a specially crafted input to a PHP application, which uses this function, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. • http://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba?w=1 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3618 http://www.openwall.com/lists/oss-security/2016/06/23/4 http: • CWE-190: Integer Overflow or Wraparound CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2016-5767 – gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5767
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. Desbordamiento de entero en la función gdImageCreate en gd.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.0.34RC1, como se utiliza en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de dimensiones de imagen manipuladas. An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. • http://github.com/php/php-src/commit/c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6?w=1 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •