An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
| Max Base Score | 7.5 |
| Published | 2018-08-03 |
| Updated | 2020-08-24 |
| EPSS | 0.38% |
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
| Max Base Score | 9.8 |
| Published | 2018-03-01 |
| Updated | 2019-08-19 |
| EPSS | 79.89% |
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
| Max Base Score | 9.8 |
| Published | 2018-08-02 |
| Updated | 2022-07-20 |
| EPSS | 0.85% |
3 vulnerabilities found