KLA10514
Multiple vulnerabilities in PHP and plugins

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.

Below is a complete list of vulnerabilities

1. Multiple use-after-free vulnerabilities can be exploited remotely via a specially designed call and input and vectors related to Phar archives renaming and;
2. Improper pathname truncation can be exploited remotely via a specailly designed arguments;
3. Integer overflow vulnerability can be exploited remotely via a specially designed ZIP archive;
4. An unknown vulnerability can be exploited remotely via a specially designed GIF image or ELF file;
5. Heap-based buffer overflow can be exploited remotely via vectors related to dictionaries;
6. Improper string-length handling can be exploited remotely via a specially designed files.

PHP versions earlier than 5.4.39
PHP 5.5 versions earlier than 5.5.23
PHP 5.6 versions earlier than 5.6.7

Update to the latest version
Get PHP