ALAS-2017-808 ---- php56
ID: oval:org.secpod.oval:def:39728 | Date: (C)2017-04-03 (M)2024-02-19 | Class: PATCH | Family: unix
Integer overflow in gd_io.c in the GD Graphics Library before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service via crafted serialized data that is mishandled in a finish_nested_data call.

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

It was found that the exif_convert_any_to_int function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service.

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service via a truncated manifest entry in a PHAR archive.

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library before 2.2.4 allows remote attackers to cause a denial of service via a crafted image file.
Platform: Amazon Linux AMI