Information on source package php7.0

Available versions

ReleaseVersion
stretch7.0.19-1
buster7.0.22-2
sid7.0.22-2

Open issues

BugstretchbustersidDescription
CVE-2017-8923vulnerablevulnerablevulnerableThe zend_string_extend function in Zend/zend_string.h in PHP through ...
CVE-2017-12934vulnerablefixedfixedext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...
CVE-2017-12933vulnerablefixedfixedThe finish_nested_data function in ext/standard/var_unserializer.re in ...
CVE-2017-12932vulnerablefixedfixedext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...
CVE-2017-11628vulnerablefixedfixedIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a ...
CVE-2017-11145vulnerablefixedfixedIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an ...
CVE-2017-11144vulnerablefixedfixedIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the ...

Open unimportant issues

BugstretchbustersidDescription
CVE-2017-9119vulnerablevulnerablevulnerableThe i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...
CVE-2017-7890vulnerablefixedfixedThe GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in ...
CVE-2017-11362vulnerablefixedfixedIn PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...

Resolved issues

BugDescription
TEMP-0000000-F26C42Type confusion vulnerability in WDDX packet deserialization
TEMP-0000000-EA5272NULL Pointer Dereference in phar_tar_setupmetadata()
TEMP-0000000-D591DCInteger overflow in iptcembed()
TEMP-0000000-B391CAexec functions ignore length but look for NULL termination
TEMP-0000000-A9D025Crash on bad SOAP request
TEMP-0000000-35D7C1Output of stream_get_meta_data can be falsified by its input
CVE-2017-7272PHP through 7.1.3 enables potential SSRF in applications that accept an ...
CVE-2017-5340Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles ...
CVE-2017-11147In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler ...
CVE-2017-11143In PHP before 5.6.31, an invalid free in the WDDX deserialization of ...
CVE-2017-11142In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote ...
CVE-2016-9936The unserialize implementation in ext/standard/var.c in PHP 7.x before ...
CVE-2016-9935The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...
CVE-2016-9934ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows ...
CVE-2016-9933Stack consumption vulnerability in the gdImageFillToBorder function in ...
CVE-2016-9138PHP through 5.6.27 and 7.x through 7.0.12 mishandles property ...
CVE-2016-9137Use-after-free vulnerability in the CURLFile implementation in ...
CVE-2016-7568Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...
CVE-2016-7480The SplObjectStorage unserialize implementation in ...
CVE-2016-7479In all versions of PHP 7, during the unserialization process, resizing ...
CVE-2016-7478Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...
CVE-2016-7418The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...
CVE-2016-7417ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 ...
CVE-2016-7416ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x ...
CVE-2016-7414The ZIP signature-verification feature in PHP before 5.6.26 and 7.x ...
CVE-2016-7413Use-after-free vulnerability in the wddx_stack_destroy function in ...
CVE-2016-7412ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...
CVE-2016-7411ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles ...
CVE-2016-7134ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a ...
CVE-2016-7133Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is ...
CVE-2016-7132ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...
CVE-2016-7131ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...
CVE-2016-7130The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before ...
CVE-2016-7129The php_wddx_process_data function in ext/wddx/wddx.c in PHP before ...
CVE-2016-7128The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...
CVE-2016-7127The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...
CVE-2016-7126The imagetruecolortopalette function in ext/gd/gd.c in PHP before ...
CVE-2016-7125ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...
CVE-2016-7124ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before ...
CVE-2016-6297Integer overflow in the php_stream_zip_opener function in ...
CVE-2016-6296Integer signedness error in the simplestring_addn function in ...
CVE-2016-6295ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x ...
CVE-2016-6294The locale_accept_from_http function in ...
CVE-2016-6292The exif_process_user_comment function in ext/exif/exif.c in PHP ...
CVE-2016-6291The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP ...
CVE-2016-6290ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and ...
CVE-2016-6289Integer overflow in the virtual_file_ex function in ...
CVE-2016-6207Integer overflow in the _gdContributionsAlloc function in ...
CVE-2016-6128The gdImageCropThreshold function in gd_crop.c in the GD Graphics ...
CVE-2016-5773php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before ...
CVE-2016-5772Double free vulnerability in the php_wddx_process_data function in ...
CVE-2016-5771spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...
CVE-2016-5770Integer overflow in the SplFileObject::fread function in ...
CVE-2016-5769Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...
CVE-2016-5768Double free vulnerability in the _php_mb_regex_ereg_replace_exec ...
CVE-2016-5767Integer overflow in the gdImageCreate function in gd.c in the GD ...
CVE-2016-5766Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD ...
CVE-2016-5399The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x ...
CVE-2016-5385PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...
CVE-2016-5093The get_icu_value_internal function in ...
CVE-2016-4544The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP ...
CVE-2016-4543The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...
CVE-2016-4542The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before ...
CVE-2016-4541The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...
CVE-2016-4540The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c ...
CVE-2016-4539The xml_parse_into_struct function in ext/xml/xml.c in PHP before ...
CVE-2016-4538The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...
CVE-2016-4537The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...
CVE-2016-4346Integer overflow in the str_pad function in ext/standard/string.c in ...
CVE-2016-4345Integer overflow in the php_filter_encode_url function in ...
CVE-2016-4344Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in ...
CVE-2016-4343The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ...
CVE-2016-4342ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and ...
CVE-2016-4073Multiple integer overflows in the mbfl_strcut function in ...
CVE-2016-4072The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ...
CVE-2016-4071Format string vulnerability in the php_snmp_error function in ...
CVE-2016-4070** DISPUTED ** Integer overflow in the php_raw_url_encode function in ...
CVE-2016-3185The make_http_soap_request function in ext/soap/php_http.c in PHP ...
CVE-2016-3132Double free vulnerability in the SplDoublyLinkedList::offsetSet ...
CVE-2016-3078Multiple integer overflows in php_zip.c in the zip extension in PHP ...
CVE-2016-3074Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or ...
CVE-2016-2554Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, ...
CVE-2016-1904Multiple integer overflows in ext/standard/exec.c in PHP 7.x before ...
CVE-2016-1903The gdImageRotateInterpolated function in ...
CVE-2016-10397In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of ...
CVE-2016-10168Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) ...
CVE-2016-10167The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics ...
CVE-2016-10162The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x ...
CVE-2016-10161The object_common1 function in ext/standard/var_unserializer.c in PHP ...
CVE-2016-10160Off-by-one error in the phar_parse_pharfile function in ...
CVE-2016-10159Integer overflow in the phar_parse_pharfile function in ...
CVE-2016-10158The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...
CVE-2015-8994An issue was discovered in PHP 5.x and 7.x, when the configuration ...
CVE-2015-8880Double free vulnerability in the format printer in PHP 7.x before ...
CVE-2015-8879The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...
CVE-2015-8877The gdImageScaleTwoPass function in gd_interpolation.c in the GD ...
CVE-2015-8876Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...
CVE-2015-8874Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...
CVE-2015-8867The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in ...
CVE-2015-8865The file_check_mem function in funcs.c in file before 5.23, as used in ...
CVE-2015-8617Format string vulnerability in the zend_throw_or_error function in ...
CVE-2015-8616Use-after-free vulnerability in the Collator::sortWithSortKeys ...
CVE-2013-7456gd_interpolation.c in the GD Graphics Library (aka libgd) before ...

Search for package or bug name: Reporting problems