CVE-2016-4541 – php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used
https://notcve.org/view.php?id=CVE-2016-4541
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. La función grapheme_strpos en ext/intl/grapheme/grapheme_string.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de un desplazamiento negativo. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/90172 https:/ • CWE-125: Out-of-bounds Read •
CVE-2015-8880
https://notcve.org/view.php?id=CVE-2015-8880
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. Doble vulnerabilidad libre en el formato printer en PHP 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos tener un impacto no especificado desencadenando un error. • http://php.net/ChangeLog-7.php • CWE-415: Double Free •
CVE-2016-4345
https://notcve.org/view.php?id=CVE-2016-4345
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. Desbordamiento de entero en la función php_filter_encode_url en ext/filter/sanitizing_filters.c en PHP en versiones anteriores a 7.0.4 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una cadena larga, encabezando un desbordamiento de buffer basado en memoria dinámica. • http://php.net/ChangeLog-7.php http://www.openwall.com/lists/oss-security/2016/04/28/2 https://bugs.php.net/bug.php?id=71637 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-4543 – php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
https://notcve.org/view.php?id=CVE-2016-4543
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. La función exif_process_IFD_in_JPEG en ext/exif/exif.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 no valida tamaños IFD, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) o posiblemente tener otro impacto no especificado a través de datos de cabecera manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/89844 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2016-4542 – php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
https://notcve.org/view.php?id=CVE-2016-4542
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. La función exif_process_IFD_TAG en ext/exif/exif.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 no construye adecuadamente argumentos spprintf, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) o posiblemente tener otro impacto no especificado a través de datos de cabecera manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/89844 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •