GCVE - cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:*

part: a version: 5.4.0 update: beta2

Vendor	Php (`9aec2613-7a27-5ce5-8ac7-140851d8da4c`)
Product	Php (`38640b93-5029-5cca-a025-ab7d01c98b51`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/php/php-src`	purl2cpe	2026-06-01 10:17:42.460769

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-5120`	vulnerable	2026-06-03 14:34:05.488441	Details available gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T11:34:37.424Z Open on db.gcve.eu Reference links https://support.apple.com/HT204659 http://rhn.redhat.com/errata/RHSA-2014-1766.html https://bugs.php.net/bug.php?id=67730 http://php.net/ChangeLog-5.php http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3597`	vulnerable	2026-06-03 14:33:55.512045	Details available Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T10:50:17.419Z Open on db.gcve.eu Reference links https://support.apple.com/HT204659 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/60609 http://www.ubuntu.com/usn/USN-2344-1 http://php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3587`	vulnerable	2026-06-03 14:33:55.452903	Details available Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T10:50:17.834Z Open on db.gcve.eu Reference links https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233 https://support.apple.com/HT204659 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-2369-1 http://rhn.redhat.com/errata/RHSA-2014-1766.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2336`	vulnerable	2026-06-03 14:31:52.657030	Details available sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. Published: 2012-05-11T10:00:00.000Z Updated: 2024-08-06T19:34:23.585Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1 http://secunia.com/advisories/49014 https://bugs.php.net/bug.php?id=61910	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2311`	vulnerable	2026-06-03 14:31:52.369184	Details available sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. Published: 2012-05-11T10:00:00.000Z Updated: 2024-08-06T19:26:09.031Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html http://www.securitytracker.com/id?1027022 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4566`	vulnerable	2026-06-03 14:31:25.317203	Details available Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Published: 2011-11-29T00:00:00.000Z Updated: 2024-08-07T00:09:18.945Z Open on db.gcve.eu Reference links http://secunia.com/advisories/47253 http://www.securityfocus.com/bid/50907 http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.