Search CVE reports
31 – 40 of 48 results
CVE-2019-9675
Low priority** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9641
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9640
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9639
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9638
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9637
Low priorityAn issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9025
Medium priorityAn issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Not affected |
| php7.2 | — | — | — | Not affected | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9024
Medium priorityAn issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9023
Medium priorityAn issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9022
Medium priorityAn issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |