Search CVE reports
71 – 80 of 639 results
CVE-2019-11035
Medium priorityWhen processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information...
3 affected packages
php5, php7.0, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2019-11034
Medium priorityWhen processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information...
3 affected packages
php5, php7.0, php7.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
CVE-2019-9675
Low priority** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9641
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9640
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9639
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9638
Medium priorityAn issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9637
Low priorityAn issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9025
Medium priorityAn issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Not affected |
| php7.2 | — | — | — | Not affected | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9024
Medium priorityAn issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.2 | — | — | — | Fixed | Not in release |
| php7.3 | — | — | — | Not in release | Not in release |