RHSA-2016:2750MediumCVSS 8.1

Red Hat Security Advisory: rh-php56 security, bug fix, and enhancement update

Published
November 15, 2016
Last Modified
June 27, 2026

🔗 CVE IDs covered (80)

📋 Description

CVE-2013-7456 — gd: incorrect boundary adjustment in _gdContributionsCalc CVE-2014-9767 — php: ZipArchive:: extractTo allows for directory traversal when creating directories CVE-2015-2325 — pcre: heap buffer overflow in compile_branch() CVE-2015-2326 — pcre: heap buffer over-read in pcre_compile2() (8.37/23) CVE-2015-2327 — pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) CVE-2015-2328 — pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) CVE-2015-3210 — pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) CVE-2015-3217 — pcre: stack overflow caused by mishandled group empty match (8.38/11) CVE-2015-5073 — pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) CVE-2015-8381 — pcre: Buffer overflow caused by duplicate named references (8.38/36) CVE-2015-8383 — pcre: Buffer overflow caused by repeated conditional group (8.38/3) CVE-2015-8384 — pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) CVE-2015-8385 — pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) CVE-2015-8386 — pcre: Buffer overflow caused by lookbehind assertion (8.38/6) CVE-2015-8388 — pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) CVE-2015-8391 — pcre: inefficient posix character class syntax check (8.38/16) CVE-2015-8392 — pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) CVE-2015-8395 — pcre: Buffer overflow caused by duplicate named references (8.38/36) CVE-2015-8835 — php: type confusion issue in Soap Client call() method CVE-2015-8865 — file: Buffer over-write in finfo_open with malformed magic file CVE-2015-8866 — php: libxml_disable_entity_loader setting is shared between threads CVE-2015-8867 — php: openssl_random_pseudo_bytes() is not cryptographically secure CVE-2015-8873 — php: Stack consumption vulnerability in Zend/zend_exceptions.c CVE-2015-8874 — gd: gdImageFillToBorder deep recursion leading to stack overflow CVE-2015-8876 — php: Zend/zend_exceptions.c does not validate certain Exception objects CVE-2015-8877 — gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches CVE-2015-8879 — php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns CVE-2015-8935 — php: HTTP response splitting in header() function CVE-2016-1903 — php: Out-of-bounds memory read via gdImageRotateInterpolated CVE-2016-2554 — php: buffer overflow in handling of long link names in tar phar archives CVE-2016-3074 — php: Signedness vulnerability causing heap overflow in libgd CVE-2016-3141 — php: Use after free in WDDX Deserialize when processing XML data CVE-2016-3142 — php: Out-of-bounds read in phar_parse_zipfile() CVE-2016-4070 — php: Integer overflow in php_raw_url_encode CVE-2016-4071 — php: Format string vulnerability in php_snmp_error() CVE-2016-4072 — php: Invalid memory write in phar on filename containing \0 inside name CVE-2016-4073 — php: mb_strcut() Negative size parameter in memcpy CVE-2016-4342 — php: use of uninitialized pointer in PharFileInfo::getContent CVE-2016-4343 — php: Uninitialized pointer in phar_make_dirstream() CVE-2016-4473 — php: Invalid free() instead of efree() in phar_extract_file() CVE-2016-4537 — php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition CVE-2016-4538 — php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition CVE-2016-4539 — php: xml_parse_into_struct() can crash when XML parser is re-used CVE-2016-4540 — php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used CVE-2016-4541 — php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used CVE-2016-4542 — php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input CVE-2016-4543 — php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input CVE-2016-4544 — php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input CVE-2016-5093 — php: improper nul termination leading to out-of-bounds read in get_icu_value_internal CVE-2016-5094 — php: Integer overflow in php_html_entities() CVE-2016-5096 — php: Integer underflow causing arbitrary null write in fread/gzread CVE-2016-5114 — php: out-of-bounds write in fpm_log.c CVE-2016-5399 — php: Improper error handling in bzread() CVE-2016-5766 — gd: Integer overflow in _gd2GetHeader() resulting in heap overflow CVE-2016-5767 — gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow CVE-2016-5768 — php: Double free in _php_mb_regex_ereg_replace_exec CVE-2016-5770 — php: Int/size_t confusion in SplFileObject::fread CVE-2016-5771 — php: Use After Free Vulnerability in PHP's GC algorithm and unserialize CVE-2016-5772 — php: Double Free Corruption in wddx_deserialize CVE-2016-5773 — php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize CVE-2016-6128 — gd: Invalid color index not properly handled CVE-2016-6207 — php,gd: Integer overflow error within _gdContributionsAlloc() CVE-2016-6288 — php: Buffer over-read in php_url_parse_ex CVE-2016-6289 — php: Integer overflow leads to buffer overflow in virtual_file_ex CVE-2016-6290 — php: Use after free in unserialize() with Unexpected Session Deserialization CVE-2016-6291 — php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE CVE-2016-6292 — php: Null pointer dereference in exif_process_user_comment CVE-2016-6294 — php: Out-of-bounds access in locale_accept_from_http CVE-2016-6295 — php: Use after free in SNMP with GC and unserialize() CVE-2016-6296 — php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c CVE-2016-6297 — php: Stack-based buffer overflow vulnerability in php_stream_zip_opener CVE-2016-7124 — php: bypass __wakeup() in deserialization of an unexpected object CVE-2016-7125 — php: Session Data Injection Vulnerability CVE-2016-7126 — php: select_colors write out-of-bounds CVE-2016-7127 — php: imagegammacorrect allows arbitrary write access CVE-2016-7128 — php: Memory Leakage In exif_process_IFD_in_TIFF CVE-2016-7129 — php: wddx_deserialize allows illegal memory access CVE-2016-7130 — php: wddx_deserialize null dereference CVE-2016-7131 — php: wddx_deserialize null dereference with invalid xml CVE-2016-7132 — php: wddx_deserialize null dereference in php_wddx_pop_element

🔗 References (75)