| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-7126 | 7.5 |
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-boun
|
16-11-2020 - 19:43 | 12-09-2016 - 01:59 | |
| CVE-2016-7131 | 5.0 |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is
|
16-11-2020 - 19:41 | 12-09-2016 - 01:59 | |
| CVE-2016-7132 | 5.0 |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is
|
16-11-2020 - 19:26 | 12-09-2016 - 01:59 | |
| CVE-2016-7129 | 7.5 |
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, a
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
| CVE-2016-7127 | 7.5 |
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impa
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
| CVE-2016-7125 | 5.0 |
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as dem
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
| CVE-2016-7130 | 5.0 |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an inv
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
| CVE-2016-7124 | 7.5 |
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
| CVE-2016-7128 | 5.0 |
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memor
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
| CVE-2016-7134 | 7.5 |
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via
|
16-08-2017 - 01:29 | 12-09-2016 - 01:59 | |
| CVE-2016-7133 | 6.8 |
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
|
01-07-2017 - 01:30 | 12-09-2016 - 01:59 |