- Home
- CVEs with nessus.description==PHP 5.3 was updated to fix three security issues :
- Use-after-free vulnerability allowed remote attackers to
execute arbitrary code via a crafted unserialize call
that leveraged improper handling of duplicate keys
within the serialized properties of an object.
(bnc#910659). (CVE-2014-8142)
- Use-after-free vulnerability allowed remote attackers to
execute arbitrary code via a crafted unserialize call
that leveraged improper handling of duplicate numerical
keys within the serialized properties of an object.
NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142. (bnc#910659). (CVE-2015-0231)
- The exif_process_unicode function allowed remote
attackers to execute arbitrary code or cause a denial of
service (uninitialized pointer free and application
crash) via crafted EXIF data in a JPEG image.
(bnc#914690). (CVE-2015-0232)
Additionally a fix was included that protects against a possible NULL
pointer use. (bnc#910659)
This non-security issue has been fixed :
- Don't ignore default_socket_timeout on outgoing SSL
connection (bnc#907519)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top