ALAS-2015-509 --- php54
ID: oval:org.secpod.oval:def:1200048 | Date: (C)2015-12-29 (M)2024-02-19 |
Class: PATCH | Family: unix |
A buffer overflow vulnerability was found in PHP's phar implementation. See https://bugs.php.net/bug.php?id=69324 for more details. A use-after-free flaw was found in PHP's phar paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. A buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif function to crash. A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert or pg_select could cause a PHP application to crash. A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.
Platform: Amazon Linux AMI