Vulnerabilities > PHP > PHP > 5.3.5

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2011-03-20 | CVE-2011-1466 | Numeric Errors vulnerability in PHP | Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. | network, low complexity, php, CWE-189, 5.0 |
| 2011-03-20 | CVE-2011-1464 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in PHP | Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. | network, php, CWE-119, 4.3 |
| 2011-03-20 | CVE-2011-0708 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in PHP | exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. | network, php, CWE-119, 4.3 |
| 2011-03-20 | CVE-2011-0421 | Denial of Service vulnerability in libzip '_zip_name_locate()' NULL Pointer Dereference | The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. | network, php, 4.3 |
| 2011-03-18 | CVE-2011-1148 | Resource Management Errors vulnerability in PHP | Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. | network, low complexity, php, CWE-399, 7.5 |
| 2011-03-16 | CVE-2011-1153 | Use of Externally-Controlled Format String vulnerability in PHP | Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. | network, low complexity, php, CWE-134, 7.5 |
| 2011-03-15 | CVE-2011-1092 | Numeric Errors vulnerability in PHP | Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. | network, low complexity, php, CWE-189, 7.5 |
| 2011-02-19 | CVE-2011-0420 | Denial of Service vulnerability in PHP 5.3.5 | The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. | network, low complexity, php, 5.0 |