Fernando

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.37 PHP versions 7.0.x prior to 7.0.31 PHP versions 7.1.x prior to 7.1.20 PHP versions 7.2.x prior to 7.2.8 **Description** The issue is related to the linkinfo function in the ext/standard/link win32.c component of the PHP interpreter, which fails to implement the open basedir check on Windows. This could be exploited by a remote attacker to disclose protected information and find files on paths outside of the allowed directories. **Recommendations** For PHP versions prior to 5.6.37, update to version 5.6.37 or later. For PHP versions 7.0.x prior to 7.0.31, update to version 7.0.31 or later. For PHP versions 7.1.x prior to 7.1.20, update to version 7.1.20 or later. For PHP versions 7.2.x prior to 7.2.8, update to version 7.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.26 PHP versions 7.x prior to 7.0.11 **Description** The issue is related to a use-after-free vulnerability in the `wddx stack destroy` function. This vulnerability can be exploited by remote attackers via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a `wddx deserialize` call. The exploitation may cause a denial of service or possibly have other unspecified impacts. **Recommendations** For PHP versions prior to 5.6.26, update to version 5.6.26 or later. For PHP versions 7.x prior to 7.0.11, update to version 7.0.11 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.26 PHP versions 7.x prior to 7.0.11 **Description** The issue is caused by a buffer overflow in the ext/intl/msgformat/msgformat format.c component of the PHP interpreter. This can be exploited by a remote attacker to cause a denial of service through a call to `MessageFormatter::formatMessage`. The problem arises from the improper restriction of the locale length provided to the Locale class in the ICU library, allowing attackers to potentially crash the application or have other unspecified impacts by making a `MessageFormatter::formatMessage` call with a long first argument. **Recommendations** For PHP versions prior to 5.6.26, update to version 5.6.26 or later. For PHP versions 7.x prior to 7.0.11, update to version 7.0.11 or later. As a temporary workaround, consider restricting the use of the `MessageFormatter::formatMessage` function with long arguments until a patch is available.

**Name of the Vulnerable Software and Affected Versions** International Components for Unicode (ICU) versions through 57.1 **Description** The issue is a stack-based buffer overflow in the Locale class, which can be triggered by a long locale string. This can cause a denial of service, resulting in an application crash, and may have other unspecified impacts. **Recommendations** For versions through 57.1, update to a version that contains a fix for this issue to prevent potential crashes or other impacts.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue is related to the `php wddx pop element` function, which can cause a denial of service due to a NULL pointer dereference and application crash when handling an invalid base64 binary value. This can be triggered by a `wddx deserialize` call that mishandles a binary element in a wddxPacket XML document. The vulnerability may allow remote attackers to have unspecified other impact. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue is related to the `php wddx process data` function, which does not properly check input data. This can be exploited by remote attackers to cause a denial of service, potentially resulting in a segmentation fault, by providing an invalid ISO 8601 time value. This can be demonstrated through a `wddx deserialize` call that mishandles a `dateTime` element in a `wddxPacket` XML document. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue is related to the `imagegammacorrect` function in the `ext/gd/gd.c` file, which does not properly validate gamma values. This allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have other unspecified impacts by providing different signs for the second and third arguments. The vulnerability is associated with an out-of-bounds write in memory. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue is related to the `imagetruecolortopalette` function in the PHP interpreter, which does not properly validate the number of colors. This can lead to a denial of service due to an allocation error and out-of-bounds write, or possibly have other unspecified impacts. The vulnerability can be exploited by remote attackers via a large value in the third argument. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue is related to errors in pointer dereferencing in the ext/wddx/wddx.c component of the PHP interpreter. It can be exploited by a remote attacker to cause a denial of service through an invalid XML document. The exploitation may involve a wddxPacket XML document that is mishandled in a `wddx deserialize` call, potentially leading to a NULL pointer dereference and application crash. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue is related to errors in handling a malformed wddxPacket XML document in the wddx deserialize call, potentially leading to a denial of service or other unspecified impacts. This can be caused by a tag that lacks a < character. The vulnerability is associated with pointer dereference errors, which can be exploited by a remote attacker via a malformed XML document. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** International Components for Unicode (ICU) versions prior to 57.1 **Description** The issue is related to the `uloc acceptLanguageFromHTTP` function in `common/uloc.cpp`, which does not ensure that there is a `0` character at the end of a certain temporary array. This allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long `httpAcceptLanguage` argument. **Recommendations** For versions prior to 57.1, update to version 57.1 or later to resolve the issue. As a temporary workaround, consider restricting the length of the `httpAcceptLanguage` argument to prevent out-of-bounds reads.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.38 PHP versions 5.6.x prior to 5.6.24 PHP versions 7.x prior to 7.0.9 **Description** The issue is related to the locale accept from http function in PHP, which does not properly restrict calls to the ICU uloc acceptLanguageFromHTTP function. This allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. **Recommendations** For PHP versions prior to 5.5.38, update to version 5.5.38 or later. For PHP versions 5.6.x prior to 5.6.24, update to version 5.6.24 or later. For PHP versions 7.x prior to 7.0.9, update to version 7.0.9 or later. As a temporary workaround, consider restricting access to the locale accept from http function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.36 PHP versions 5.6.x prior to 5.6.22 **Description** The issue is caused by an integer overflow in the `fread` function, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This is achieved by providing a large integer in the second argument to the `fread` function. **Recommendations** For PHP versions prior to 5.5.36, update to version 5.5.36 or later. For PHP versions 5.6.x prior to 5.6.22, update to version 5.6.22 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.36 PHP versions 5.6.x prior to 5.6.22 PHP versions 7.x prior to 7.0.7 **Description** The issue is related to the `get icu value internal` function in PHP, which does not ensure the presence of a '0' character. This allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted `locale get primary language` call. The vulnerability is associated with out-of-bounds reading in memory. **Recommendations** For PHP versions prior to 5.5.36, update to version 5.5.36 or later. For PHP versions 5.6.x prior to 5.6.22, update to version 5.6.22 or later. For PHP versions 7.x prior to 7.0.7, update to version 7.0.7 or later. As a temporary workaround, consider restricting the use of the `locale get primary language` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library versions prior to 2.1.1 PHP versions prior to 5.5.36 PHP versions 5.6.x prior to 5.6.22 PHP versions 7.x prior to 7.0.7 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the `imagescale` function. **Recommendations** For GD Graphics Library version prior to 2.1.1, update to version 2.1.1 or later. For PHP version prior to 5.5.36, update to version 5.5.36 or later. For PHP version 5.6.x prior to 5.6.22, update to version 5.6.22 or later. For PHP version 7.x prior to 7.0.7, update to version 7.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.35 PHP versions 5.6.x prior to 5.6.21 PHP versions 7.x prior to 7.0.6 **Description** The issue is related to the `grapheme stripos` function in PHP, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have other impacts via a negative offset. This is due to a buffer overflow vulnerability in the `grapheme string.c` file. **Recommendations** For PHP versions prior to 5.5.35, update to version 5.5.35 or later. For PHP versions 5.6.x prior to 5.6.21, update to version 5.6.21 or later. For PHP versions 7.x prior to 7.0.6, update to version 7.0.6 or later. As a temporary workaround, consider restricting access to the `grapheme stripos` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.35 PHP versions 5.6.x prior to 5.6.21 PHP versions 7.x prior to 7.0.6 **Description** The issue is related to the `bcpowmod` function in PHP, which does not properly check input data. This allows remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted call to the function. The `bcpowmod` function is vulnerable when it accepts a negative integer for the `scale` argument. **Recommendations** For PHP versions prior to 5.5.35, update to version 5.5.35 or later. For PHP versions 5.6.x prior to 5.6.21, update to version 5.6.21 or later. For PHP versions 7.x prior to 7.0.6, update to version 7.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.35 PHP versions 5.6.x prior to 5.6.21 PHP versions 7.x prior to 7.0.6 **Description** The issue allows remote attackers to cause a denial of service or possibly have other impacts via crafted XML data in the second argument to the `xml parse into struct` function, leading to a parser level of zero. This is due to a buffer under-read and segmentation fault. The vulnerability can be exploited by a remote attacker using specially formed XML data. **Recommendations** For PHP versions prior to 5.5.35, update to version 5.5.35 or later. For PHP versions 5.6.x prior to 5.6.21, update to version 5.6.21 or later. For PHP versions 7.x prior to 7.0.6, update to version 7.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.34 PHP versions 5.6.x prior to 5.6.20 PHP versions 7.x prior to 7.0.5 **Description** The issue is caused by multiple integer overflows in the `mbfl strcut` function in PHP. This can be exploited by remote attackers to cause a denial of service, resulting in the application crashing, or possibly to execute arbitrary code via a crafted `mb strcut` call. **Recommendations** For PHP versions prior to 5.5.34, update to version 5.5.34 or later. For PHP versions 5.6.x prior to 5.6.20, update to version 5.6.20 or later. For PHP versions 7.x prior to 7.0.5, update to version 7.0.5 or later. As a temporary workaround, consider restricting the use of the `mb strcut` function until a patch is available.