GCVE - cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*

part: a version: 5.4.15 update: *

Vendor	Php (`9aec2613-7a27-5ce5-8ac7-140851d8da4c`)
Product	Php (`38640b93-5029-5cca-a025-ab7d01c98b51`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/php/php-src`	purl2cpe	2026-06-01 10:17:42.512684

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-7478`	vulnerable	2026-06-03 14:36:07.920687	Details available Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. Published: 2017-01-11T06:02:00.000Z Updated: 2024-08-06T01:57:47.681Z Open on db.gcve.eu Reference links http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://www.securityfocus.com/bid/95150 https://www.youtube.com/watch?v=LDcaPstAuPk https://security.netapp.com/advisory/ntap-20180112-0001/ http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-9912`	vulnerable	2026-06-03 14:34:28.417215	Details available The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument. Published: 2017-01-04T20:00:00.000Z Updated: 2024-08-06T14:02:36.642Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/68549 https://bugzilla.redhat.com/show_bug.cgi?id=1383569 http://www.openwall.com/lists/oss-security/2016/11/25/1 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=67397	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5120`	vulnerable	2026-06-03 14:34:05.492408	Details available gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T11:34:37.424Z Open on db.gcve.eu Reference links https://support.apple.com/HT204659 http://rhn.redhat.com/errata/RHSA-2014-1766.html https://bugs.php.net/bug.php?id=67730 http://php.net/ChangeLog-5.php http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3597`	vulnerable	2026-06-03 14:33:55.512514	Details available Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T10:50:17.419Z Open on db.gcve.eu Reference links https://support.apple.com/HT204659 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/60609 http://www.ubuntu.com/usn/USN-2344-1 http://php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3587`	vulnerable	2026-06-03 14:33:55.459223	Details available Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T10:50:17.834Z Open on db.gcve.eu Reference links https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233 https://support.apple.com/HT204659 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-2369-1 http://rhn.redhat.com/errata/RHSA-2014-1766.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6420`	vulnerable	2026-06-03 14:33:26.171611	Details available The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. Published: 2013-12-17T02:00:00.000Z Updated: 2024-08-06T17:39:01.267Z Open on db.gcve.eu Reference links http://www.debian.org/security/2013/dsa-2816 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415 http://rhn.redhat.com/errata/RHSA-2013-1824.html https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4636`	vulnerable	2026-06-03 14:33:18.730242	Details available The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. Published: 2013-06-21T21:00:00.000Z Updated: 2024-09-16T18:49:25.628Z Open on db.gcve.eu Reference links https://bugs.php.net/bug.php?id=64830 http://www.php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4635`	vulnerable	2026-06-03 14:33:18.729444	Details available Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. Published: 2013-06-21T21:00:00.000Z Updated: 2024-08-06T16:52:26.600Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1028699 http://secunia.com/advisories/54104 http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html http://www.ubuntu.com/usn/USN-1905-1 http://www.php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2110`	vulnerable	2026-06-03 14:32:53.704064	Details available Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. Published: 2013-06-21T20:00:00.000Z Updated: 2024-08-06T15:27:40.659Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/60411 http://www.ubuntu.com/usn/USN-1872-1 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=64879 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.