Showing 1-30 of 392
ID# | Date | Last Modified | Package | Type | Status | PHP Version | OS | Summary | Assigned
66171 | 2013-11-25 20:43 UTC | 2014-04-14 12:28 UTC | Session related | Sec Bug | Closed | master-Git-2013-11-25 (Git) | Linux | ps_files_open: Block symlinks properly, prevent opening other users' sessions |
67327 | 2014-05-22 14:23 UTC | 2014-05-27 01:14 UTC | Filesystem function related | Sec Bug | Closed | 5.4.28 | | fileinfo: CDF infinite loop in nelements DoS |
67328 | 2014-05-22 14:28 UTC | 2014-05-27 01:15 UTC | Filesystem function related | Sec Bug | Closed | 5.4.28 | | fileinfo: numerous file_printf calls resulting in performance degradation |
68027 | 2014-09-16 09:42 UTC | 2014-10-14 17:41 UTC | *General Issues | Sec Bug | Closed | 5.6.0 | Ubuntu 14.04.1 LTS 64bit | AddressSanitizer reports a global buffer overflow in mkgmtime() function. |
68044 | 2014-09-18 13:55 UTC | 2014-10-14 17:41 UTC | Reproducible crash | Sec Bug | Closed | 5.5.17 | Ubuntu 14.04.1 LTS 32bit | Integer overflow in unserialize() (32-bits only) |
68089 | 2014-09-24 11:59 UTC | 2014-10-14 17:41 UTC | *General Issues | Sec Bug | Closed | 5.6.0 | Ubuntu 14.04 LTS | NULL byte injection - cURL lib |
68113 | 2014-09-28 23:31 UTC | 2014-10-14 17:41 UTC | EXIF related | Sec Bug | Closed | 5.4.33 | * | Heap corruption in exif_thumbnail() |
68706 | 2015-01-01 05:50 UTC | 2015-01-04 05:55 UTC | mbstring related | Sec Bug | Closed | master-Git-2015-01-01 (Git) | Linux Ubuntu 14.04 | explicit uninitalized pointer in mbstring |
68799 | 2015-01-11 04:08 UTC | 2015-01-20 18:39 UTC | EXIF related | Sec Bug | Closed | 5.4.36 | Debian Wheezy | Free called on unitialized pointer |
69337 | 2015-03-31 07:47 UTC | 2015-04-14 07:28 UTC | Streams related | Sec Bug | Closed | Irrelevant | | php_stream_url_wrap_http_ex() type-confusion vulnerability |
69793 | 2015-06-10 16:42 UTC | 2015-08-04 22:20 UTC | Class/Object related | Sec Bug | Closed | Irrelevant | Ubuntu x86_64 | Remotely triggerable stack exhaustion via recursive method calls |
70121 | 2015-07-23 21:40 UTC | 2015-08-04 22:21 UTC | *General Issues | Sec Bug | Closed | Irrelevant | Ubuntu x86_64 | unserialize() could lead to unexpected methods execution / NULL pointer deref |
70312 | 2015-08-20 15:00 UTC | 2015-08-30 13:17 UTC | hash related | Sec Bug | Closed | 5.4.44 | Windows/linux | HAVAL gives wrong hashes in specific cases |
70345 | 2015-08-24 17:31 UTC | 2015-09-01 18:44 UTC | PCRE related | Sec Bug | Closed | 5.4 | Windows/Linux | Multiple vulnerabilities related to PCRE functions |
70385 | 2015-08-28 18:43 UTC | 2015-09-01 18:44 UTC | EXIF related | Sec Bug | Closed | 5.6.13RC1 | Linux | Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes |
74087 | 2017-02-12 09:32 UTC | 2017-07-05 04:12 UTC | PCRE related | Sec Bug | Closed | 7.1.1 | Ubuntu16.04LTS | Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library) |
77950 | 2019-04-29 03:38 UTC | 2019-04-30 07:06 UTC | EXIF related | Sec Bug | Closed | 7.2Git-2019-04-29 (Git) | Linux | Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG |
77967 | 2019-05-04 10:04 UTC | 2019-05-28 04:36 UTC | SQLite related | Sec Bug | Closed | 7.3.5 | Linux | Bypassing open_basedir restrictions via file uris |
78269 | 2019-07-10 09:15 UTC | 2019-07-10 16:15 UTC | *Encryption and hash functions | Sec Bug | Closed | 7.2.20 | irrevelant | password_hash uses weak options for argon2 |
79465 | 2020-04-10 16:00 UTC | 2020-04-14 04:10 UTC | *URL Functions | Sec Bug | Closed | Irrelevant | Any | OOB Read in urldecode() |
81738 | 2022-10-11 18:24 UTC | 2022-10-21 05:55 UTC | hash related | Sec Bug | Closed | 8.2.0RC3 | all 64-bit | buffer overflow in hash_update() on long parameter |
61504 | 2012-03-25 12:49 UTC | 2012-04-06 13:31 UTC | *Directory/Filesystem functions | Sec Bug | Closed | Irrelevant | all | Potential vulnerability in fileinfo ext | ab
67329 | 2014-05-22 14:31 UTC | 2014-06-27 08:05 UTC | Filesystem function related | Sec Bug | Closed | 5.6 | | fileinfo: NULL pointer deference flaw by processing certain CDF files | ab
68545 | 2014-12-03 23:10 UTC | 2014-12-11 20:15 UTC | Reproducible crash | Sec Bug | Closed | 5.6.3 | Ubuntu 2.6.32/Debian 3.7 | NULL pointer dereference in unserialize.c:var_push_dtor | ab
68735 | 2015-01-03 17:48 UTC | 2015-03-19 16:20 UTC | *Directory/Filesystem functions | Sec Bug | Closed | 5.4.* | any | fileinfo out-of-bounds memory access | ab
68819 | 2015-01-12 22:53 UTC | 2016-02-11 14:08 UTC | Reproducible crash | Sec Bug | Closed | 5.6.4 | Linux/MacOS/any? | Fileinfo on specific file causes spurious OOM and/or segfault | ab
69033 | 2015-02-12 04:31 UTC | 2015-03-17 23:55 UTC | Scripting Engine problem | Sec Bug | Closed | 5.5.21 | Windows | Request may get env. variables from previous requests if PHP works as FastCGI | ab
69134 | 2015-02-27 05:06 UTC | 2015-03-17 23:55 UTC | PHP options/info functions | Sec Bug | Closed | 5.5.22 | Windows | Per Directory Values overrides PHP_INI_SYSTEM configuration options | ab
69646 | 2015-05-15 23:12 UTC | 2015-06-18 12:31 UTC | Program Execution | Sec Bug | Closed | Irrelevant | Windows | OS command injection vulnerability in escapeshellarg | ab
71270 | 2016-01-03 23:26 UTC | 2016-01-21 11:46 UTC | Scripting Engine problem | Sec Bug | Closed | 7.0.1 | | Heap BufferOver Flow in escapeshell functions | ab
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat May 04 03:01:30 2024 UTC