PHP Multiple Flaws May Let Remote and Local Users Execute Arbitrary Code


Description: Several vulnerabilities were reported in PHP. A user can cause denial of service conditions or execute arbitrary code on the target system.

The specific impact depends on the application or service using the vulnerable PHP function.

Changes:

  • Fixed an integer overflow in GD in the imageline() function with antialiasing.
  • Fixed an integer overflow in GD in gdImageScaleBilinearPalette().
  • Fixed a stack overflow in GD in dynamicGetbuf.
  • Fixed a memory read or write access error in GD in gdImageAALine.
  • Fixed a stack overflow in GD in imagefilltoborder when processing truecolor images. Version 5.6.x is affected.
  • Fixed an integer overflow in IMAP in _php_imap_mail().
  • Fixed a use-after-free memory error in SPL in ArrayObject deserialization. Version 5.6.x is affected.
  • Fixed a use-after-free memory error in userspace streams. Version 5.6.x is affected.
  • Fixed a null pointer dereference in WDDX in packet deserialization with PDORow.

Affected versions: All prior to v.5.6.28 and v.7.0.13

Recommended action: Upgrade PHP to either v.5.6.28 or v.7.0.13
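
One way to triage a host against the versions above, as an added example that is not part of the original advisory: it compares the running PHP version with the fixed release of its branch and reports which of the listed components are present in the build. The function names and the component-to-extension mapping are assumptions made for illustration.

```php
<?php
// Added example. Fixed versions and component names come from the advisory;
// function names and the extension mapping are illustrative assumptions.

// Returns true when $version predates the fixed release of its branch
// (7.x is compared with 7.0.13, anything older with 5.6.28), null if unparsable.
function php_is_affected($version)
{
    // Drop distro/build suffixes such as "-0+deb8u1" before comparing.
    if (!preg_match('/^\d+\.\d+\.\d+/', $version, $m)) {
        return null;
    }
    $fixed = ((int) $m[0] >= 7) ? '7.0.13' : '5.6.28';
    return version_compare($m[0], $fixed, '<');
}

// Lists the advisory's components that this build actually contains.
function exposed_components()
{
    $map = array(
        'GD image functions'       => 'gd',
        'IMAP _php_imap_mail()'    => 'imap',
        'SPL ArrayObject'          => 'spl',
        'WDDX deserialization'     => 'wddx',
        'userspace streams (core)' => null, // core feature, always present
    );
    $present = array();
    foreach ($map as $label => $ext) {
        if ($ext === null || extension_loaded($ext)) {
            $present[] = $label;
        }
    }
    return $present;
}

$affected = php_is_affected(PHP_VERSION);
if ($affected === null) {
    echo "Cannot parse PHP version: " . PHP_VERSION . "\n";
    exit(2);
}
if (!$affected) {
    echo "PHP " . PHP_VERSION . ": at or above the fixed release\n";
    exit(0);
}
echo "PHP " . PHP_VERSION . ": older than the fixed release, upgrade\n";
foreach (exposed_components() as $label) {
    echo "  in this build: $label\n";
}
exit(1);
```

Run it under the same SAPI that serves the application, since the CLI and web server can use different PHP builds. Distribution packages may backport fixes without changing the upstream version number, so confirm a positive result against the vendor's package changelog.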

Origin URLs:
