CVE 2015-4116
Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.
Related bugs and status
CVE-2015-4116 (Candidate) is related to these bugs:
Bug #1315888: Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist
Bug | Summary | In | Importance | Status
---|---|---|---|---
1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php | Unknown | Unknown
1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php5 (Ubuntu Trusty) | High | Fix Released
1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php5 (Ubuntu) | High | Fix Released
Bug #1594041: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported
Bug | Summary | In | Importance | Status
---|---|---|---|---
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Wily) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Trusty) | Medium | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Yakkety) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Precise) | Medium | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Xenial) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php | Unknown | Unknown
See the CVE page on Mitre.org for more details.