Information on source package php7.4

Available versions

ReleaseVersion
bullseye7.4.33-1+deb11u5
bullseye (security)7.4.33-1+deb11u8

Open issues

BugbullseyeDescription
CVE-2025-6491vulnerableNULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
CVE-2025-1735vulnerablepgsql extension does not check for errors during escaping
CVE-2025-1220vulnerableNull byte termination in hostnames
CVE-2024-2408vulnerable (no DSA, postponed)The openssl_private_decrypt function in PHP, when using PKCS1 padding ...

Resolved issues

BugDescription
CVE-2025-1861In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
CVE-2025-1736In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
CVE-2025-1734In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
CVE-2025-1219In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
CVE-2025-1217In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
CVE-2024-11236In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
CVE-2024-11234In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
CVE-2024-11233In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
CVE-2024-9026In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...
CVE-2024-8932In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
CVE-2024-8929In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
CVE-2024-8927In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...
CVE-2024-8926In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...
CVE-2024-8925In PHP versions8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...
CVE-2024-5585In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...
CVE-2024-5458In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...
CVE-2024-4577In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...
CVE-2024-3096In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...
CVE-2024-2757In PHP 8.3.* before 8.3.5, functionmb_encode_mimeheader() runs endless ...
CVE-2024-2756Due to an incomplete fix to CVE-2022-31629 https://github.com/advisor ...
CVE-2024-1874In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...
CVE-2023-3824In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...
CVE-2023-3823In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...
CVE-2023-3247In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before ...
CVE-2023-0662In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...
CVE-2023-0568In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...
CVE-2023-0567In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...
CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...
CVE-2022-31631In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before ...
CVE-2022-31630In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imagelo ...
CVE-2022-31629In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...
CVE-2022-31628In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...
CVE-2022-31627In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...
CVE-2022-31626In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...
CVE-2022-31625In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...
CVE-2022-4900A vulnerability was found in PHP where setting the environment variabl ...
CVE-2021-21708In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x belo ...
CVE-2021-21707In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...
CVE-2021-21706In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ...
CVE-2021-21705In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...
CVE-2021-21704In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...
CVE-2021-21703In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...
CVE-2021-21702In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...
CVE-2020-7071In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...
CVE-2020-7070In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...
CVE-2020-7069In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...
CVE-2020-7068In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ...
CVE-2020-7067In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...
CVE-2020-7066In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...
CVE-2020-7065In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...
CVE-2020-7064In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...
CVE-2020-7063In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...
CVE-2020-7062In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...
CVE-2020-7061In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...
CVE-2020-7060When using certain mbstring functions to convert multibyte encodings, ...
CVE-2020-7059When using fgetss() function to read data with stripping tags, in PHP ...
CVE-2019-11048In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...

Security announcements

DSA / DLADescription
DLA-4088-1php7.4 - security update
DLA-3986-1php7.4 - security update
DLA-3920-1php7.4 - security update
DSA-5660-1php7.4 - security update
DSA-5424-1php7.4 - security update
DSA-5363-1php7.4 - security update
DSA-5277-1php7.4 - security update
DSA-5179-1php7.4 - security update
DSA-5082-1php7.4 - security update
DSA-4992-1php7.4 - security update
Search for package or bug name: Reporting problems