Search CVE reports
1 – 10 of 37 results
CVE-2018-1000222
Medium priorityLibgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double...
4 affected packages
libgd2, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | Fixed | Fixed |
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Not affected |
| php7.1 | — | — | — | Not in release | Not in release |
CVE-2018-12882
Medium priorityexif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Not affected |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2018-10549
Medium priorityAn issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2018-10548
Medium priorityAn issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2018-10547
Medium priorityAn issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2018-10546
Medium priorityAn issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2018-10545
Medium priorityAn issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2018-7584
Medium priorityIn PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function...
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2016-10712
Low priorityIn PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri...
3 affected packages
php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Not affected |
| php7.1 | — | — | — | Not in release | Not in release |
CVE-2018-5712
Medium priorityAn issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
4 affected packages
php5, php7.0, php7.1, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
| php7.2 | — | — | — | Not affected | Not in release |