oss-sec mailing list archives

CVE assignment for PHP 5.6.25 and 7.0.10

From: Lior Kaplan <kaplanlior () gmail com>
Date: Fri, 2 Sep 2016 11:42:31 +0300

Hello Mitre team,

Please consider CVE assignment for the following issues in PHP.

Shared between PHP 5.6.25 and 7.0.10:

Core:

Bug #72663 <https://bugs.php.net/bug.php?id=72663> Create an Unexpected
Object and Don't Invoke __wakeup() in Deserialization
Bug #72681 <https://bugs.php.net/bug.php?id=72681> PHP Session Data
Injection Vulnerability

GD:

Bug #72697 <https://bugs.php.net/bug.php?id=72697> select_colors write
out-of-bounds
Bug #72730 <https://bugs.php.net/bug.php?id=72730> imagegammacorrect allows
arbitrary write access


EXIF:

Bug #72627 <https://bugs.php.net/bug.php?id=72627> Memory Leakage In
exif_process_IFD_in_TIFF



WDDX:

Bug #72749 <https://bugs.php.net/bug.php?id=72749> wddx_deserialize allows
illegal memory access
Bug #72750 <https://bugs.php.net/bug.php?id=72750> wddx_deserialize null
dereference
Bug #72790 <https://bugs.php.net/bug.php?id=72790> wddx_deserialize null
dereference with invalid xml
Bug #72799 <https://bugs.php.net/bug.php?id=72799> wddx_deserialize null
dereference in php_wddx_pop_element


PHP 7.0.10 only:

Core:

Bug #72742 <https://bugs.php.net/bug.php?id=72742> memory allocator fails
to realloc small block to large one


cURL:

Bug #72674 <https://bugs.php.net/bug.php?id=72674> Heap overflow in
curl_escape

Thanks,

Kaplan

Current thread:

CVE assignment for PHP 5.6.25 and 7.0.10 Lior Kaplan (Sep 02)
- Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl cve-assign (Sep 02)