CVE-2016-7133
- EPSS 4.05%
- Veröffentlicht 12.09.2016 01:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
CVE-2016-7132
- EPSS 8.83%
- Veröffentlicht 12.09.2016 01:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is ...
CVE-2016-7131
- EPSS 8.83%
- Veröffentlicht 12.09.2016 01:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is...
CVE-2016-7130
- EPSS 6.67%
- Veröffentlicht 12.09.2016 01:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an inv...
CVE-2016-7129
- EPSS 6.84%
- Veröffentlicht 12.09.2016 01:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, a...
CVE-2016-7128
- EPSS 7.77%
- Veröffentlicht 12.09.2016 01:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memor...
CVE-2016-7127
- EPSS 6.84%
- Veröffentlicht 12.09.2016 01:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impa...
CVE-2016-7126
- EPSS 8.82%
- Veröffentlicht 12.09.2016 01:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-boun...
CVE-2016-7125
- EPSS 5.78%
- Veröffentlicht 12.09.2016 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as dem...
CVE-2016-7124
- EPSS 16.48%
- Veröffentlicht 12.09.2016 01:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads...