Download
| Alert*
|
oval:org.secpod.oval:def:76654
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized vari ... oval:org.secpod.oval:def:1902141 When using gdImageCreateFromXbm function of gd extension in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been le ... oval:org.secpod.oval:def:2106691 Oracle Solaris 11 - ( CVE-2019-11038 ) oval:org.secpod.oval:def:89050326 This update for gd fixes the following issues: Security issue fixed: - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone . - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm . oval:org.secpod.oval:def:89000064 This update for gd fixes the following issues: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory . - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone . - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm . oval:org.secpod.oval:def:62298 libgd2: Open source code library for the dynamic creation of images Several security issues were fixed in GD Graphics Library. oval:org.secpod.oval:def:62694 libgd2: Open source code library for the dynamic creation of images Several security issues were fixed in GD Graphics Library. oval:org.secpod.oval:def:604537 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers function could result in information disclosure or denial of service. oval:org.secpod.oval:def:1601033 Function iconv_mime_decode_headers in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that will cause the function to use ... oval:org.secpod.oval:def:89003087 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm . - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail . - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment . oval:org.secpod.oval:def:116721 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:505023 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php71-php . Security Fix: * gd: Unsigned integer underflow _gdContributionsAlloc * php: Out of bounds access in php_pcre.c:php_pcre_replac ... oval:org.secpod.oval:def:2105112 Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. oval:org.secpod.oval:def:58849 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers function could result in information disclosure or denial of service. oval:org.secpod.oval:def:116731 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:504902 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php72-php . Security Fix: * php: underflow in env_path_info in fpm_main.c * gd: Unsigned integer underflow _gdContributionsAlloc * gd: He ... |
