GCVE - cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*

part: a version: 5.4.30 update: *

Vendor	Php (`9aec2613-7a27-5ce5-8ac7-140851d8da4c`)
Product	Php (`38640b93-5029-5cca-a025-ab7d01c98b51`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/php/php-src`	purl2cpe	2026-06-01 10:17:42.512768

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-7478`	vulnerable	2026-06-03 14:36:07.928742	Details available Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. Published: 2017-01-11T06:02:00.000Z Updated: 2024-08-06T01:57:47.681Z Open on db.gcve.eu Reference links http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://www.securityfocus.com/bid/95150 https://www.youtube.com/watch?v=LDcaPstAuPk https://security.netapp.com/advisory/ntap-20180112-0001/ http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-0232`	vulnerable	2026-06-03 14:34:29.252440	Details available The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. Published: 2015-01-27T11:00:00.000Z Updated: 2024-08-06T04:03:10.640Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2015:032 http://www.debian.org/security/2015/dsa-3195 http://www.securityfocus.com/bid/72541 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-0231`	vulnerable	2026-06-03 14:34:29.250050	Details available Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. Published: 2015-01-27T11:00:00.000Z Updated: 2024-08-06T04:03:10.576Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2015:032 http://www.debian.org/security/2015/dsa-3195 http://marc.info/?l=bugtraq&m=144050155601375&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=1185397 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-9427`	vulnerable	2026-06-03 14:34:26.945709	Details available sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. Published: 2015-01-03T02:00:00.000Z Updated: 2024-08-06T13:47:41.005Z Open on db.gcve.eu Reference links https://bugs.php.net/bug.php?id=68618 http://www.mandriva.com/security/advisories?name=MDVSA-2015:032 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5120`	vulnerable	2026-06-03 14:34:05.492744	Details available gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T11:34:37.424Z Open on db.gcve.eu Reference links https://support.apple.com/HT204659 http://rhn.redhat.com/errata/RHSA-2014-1766.html https://bugs.php.net/bug.php?id=67730 http://php.net/ChangeLog-5.php http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3670`	vulnerable	2026-06-03 14:34:00.808039	Details available The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. Published: 2014-10-29T10:00:00.000Z Updated: 2024-08-06T10:50:17.945Z Open on db.gcve.eu Reference links http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b http://rhn.redhat.com/errata/RHSA-2014-1824.html http://secunia.com/advisories/59967 http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://rhn.redhat.com/errata/RHSA-2014-1767.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3669`	vulnerable	2026-06-03 14:34:00.805249	Details available Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. Published: 2014-10-29T10:00:00.000Z Updated: 2024-08-06T10:50:18.251Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2014-1824.html http://secunia.com/advisories/59967 http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://rhn.redhat.com/errata/RHSA-2014-1767.html http://www.ubuntu.com/usn/USN-2391-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3668`	vulnerable	2026-06-03 14:34:00.780097	Details available Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. Published: 2014-10-29T10:00:00.000Z Updated: 2024-08-06T10:50:18.311Z Open on db.gcve.eu Reference links http://secunia.com/advisories/59967 http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e http://rhn.redhat.com/errata/RHSA-2014-1767.html http://www.ubuntu.com/usn/USN-2391-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3597`	vulnerable	2026-06-03 14:33:55.512787	Details available Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T10:50:17.419Z Open on db.gcve.eu Reference links https://support.apple.com/HT204659 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/60609 http://www.ubuntu.com/usn/USN-2344-1 http://php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3587`	vulnerable	2026-06-03 14:33:55.463868	Details available Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. Published: 2014-08-23T01:00:00.000Z Updated: 2024-08-06T10:50:17.834Z Open on db.gcve.eu Reference links https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233 https://support.apple.com/HT204659 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-2369-1 http://rhn.redhat.com/errata/RHSA-2014-1766.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.