Showing 1 - 5 of 5

CVE-2016-1903

Status Candidate

Overview

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.

Related Files

Red Hat Security Advisory 2016-2750-01: Posted Nov 15, 2016; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2016-2750-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.; tags | advisory, web, php; systems | linux, redhat; advisories | CVE-2013-7456, CVE-2014-9767, CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903; MD5 | 212c6ace5b1922e09d6bbc3fa03bbe65; Download | Favorite | Comments (0)

HP Security Bulletin HPSBNS03635 1: Posted Aug 22, 2016; Authored by HP | Site hp.com; HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.; tags | advisory, remote, local, trojan, perl, php, vulnerability; advisories | CVE-2013-7456, CVE-2014-4330, CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394, CVE-2015-8607, CVE-2015-8853, CVE-2015-8865, CVE-2015-8874, CVE-2016-1238, CVE-2016-1903, CVE-2016-2381, CVE-2016-2554, CVE-2016-3074, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539; MD5 | 208143266211c16a2e73608c2b984f2c; Download | Favorite | Comments (0)

Ubuntu Security Notice USN-2952-2: Posted Apr 28, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2952-2 - USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary, php, vulnerability; systems | linux, ubuntu; advisories | CVE-2014-9767, CVE-2015-8838, CVE-2016-1903, CVE-2016-2554, CVE-2016-3141, CVE-2016-3142; MD5 | 46573c2a67141cd49c531625378337dc; Download | Favorite | Comments (0)

Ubuntu Security Notice USN-2952-1: Posted Apr 21, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2952-1 - It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary, php; systems | linux, ubuntu; advisories | CVE-2014-9767, CVE-2015-8835, CVE-2015-8838, CVE-2016-1903, CVE-2016-2554, CVE-2016-3141, CVE-2016-3142, CVE-2016-3185; MD5 | f539f84a17077d4372a6d9100aacbd29; Download | Favorite | Comments (0)

Slackware Security Advisory - php Updates: Posted Feb 4, 2016; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.; tags | advisory, php; systems | linux, slackware; advisories | CVE-2015-7803, CVE-2015-7804, CVE-2016-1903; MD5 | e54dc7de41b8742ef7132b298a90d64d; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Red Hat 68 files
Ubuntu 41 files
Debian 28 files
Google Security Research 27 files
Gentoo 21 files
Todor Donev 15 files
Sureshbabu Narvaneni 11 files
mjurczyk 9 files
Apple 7 files
lokihardt 6 files

File Archives

Systems

AIX (409)
Apple (1,539)
BSD (333)
Cisco (1,807)
Debian (5,485)
Fedora (1,679)
FreeBSD (1,193)
Gentoo (3,561)
HPUX (865)
iOS (171)
iPhone (103)
IRIX (219)
Juniper (66)
Linux (33,219)
Mac OS X (652)
Mandriva (3,105)
NetBSD (254)
OpenBSD (455)
RedHat (6,401)
Slackware (814)
Solaris (1,569)
SUSE (1,444)
Ubuntu (5,589)
UNIX (8,259)
UnixWare (172)
Windows (5,320)
Other