OVAL

ALAS-2016-728 ---- php55 php56

ID: oval:org.secpod.oval:def:1600430
Date: (C)2016-08-09   (M)2024-02-19
Class: PATCH
Family: unix




A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

An integer overflow, leading to a heap-based buffer overflow, was found in the imagecreatefromgd2 function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted GD2 image.

An integer overflow, leading to a heap-based buffer overflow, was found in the gdImagePaletteToTrueColor function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted image buffer.

A double free flaw was found in the mb_ereg_replace_callback function of PHP, which is used to perform regex search. This flaw could possibly cause a PHP application to crash.

The mcrypt_generic and mdecrypt_generic functions are prone to integer overflows, resulting in a heap-based overflow. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application.

A type confusion issue was found in the SPLFileObject fread function. A remote attacker able to submit a specially crafted input to a PHP application that uses this function could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.

A use-after-free vulnerability that can occur when calling unserialize on untrusted input was discovered. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application if the application unserializes untrusted input.

A double free can occur in wddx_deserialize when trying to deserialize malicious XML input from a user's request. This flaw could possibly cause a PHP application to crash.

Platform:
Amazon Linux AMI
Product:
php55
php56
Reference:
ALAS-2016-728
CVE-2016-5773
CVE-2016-5772
CVE-2016-5771
CVE-2016-5770
CVE-2016-5769
CVE-2016-5768
CVE-2016-5767
CVE-2016-5766
CVE-2016-5385
CVE-2015-8874
CPE    3
cpe:/o:amazon:linux
cpe:/a:php:php56
cpe:/a:php:php55

© SecPod Technologies