This is the list of bugfixes, found in minor versions of PHP that may impact your code.
| Title | 7.3 | 7.2 | 7.1 | 7.0 | php-src | Bugs | CVE |
|---|---|---|---|---|---|---|---|
| Opcache causes incorrect "undefined variable" errors | - | 7.1.18 | 7.1.18 | 7.1.18 | - | #76281 | - |
| PHP crashes when parsing `(2)::class` | - | 7.2.15 | - | - | - | #77530 | - |
| feof might hang on TLS streams in case of fragmented TLS records | - | 7.2.15 | - | - | - | #77390 | - |
| parse_str segfaults when inserting item into existing array | - | 7.2.15 | - | - | - | #77439 | - |
| Serializing or unserializing COM objects crashes | - | 7.2.14 | - | - | - | #77177 | - |
| DateTime::diff gives wrong diff when the actual diff is less than 1 second | - | 7.2.14 | - | - | - | #77097 | - |
| Incorrect error handling of imagecreatefromjpeg() | - | 7.2.14 | - | - | - | #77195 | - |
| heap buffer overflow in multibyte match_at | - | 7.2.14 | - | - | - | #77381 | - |
| heap buffer overflow due to incorrect length in expand_case_fold_string | - | 7.2.14 | - | - | - | #77382 | - |
| Buffer overflow in multibyte case folding - unicode | - | 7.2.14 | - | - | - | #77394 | - |
| Heap overflow in utf32be_mbc_to_code | - | 7.2.14 | - | - | - | #77418 | - |
| Issue with re-binding on SQLite3 | - | 7.2.14 | - | - | - | #77051 | - |
| Year component overflow with date formats "c", "o", "r" and "y" | - | 7.2.12 | 7.1.24 | - | - | #75851 | - |
| U_ARGUMENT_TYPE_MISMATCH | - | 7.2.12 | 7.1.24 | - | - | #76942 | - |
| tidy::getOptDoc() not available on Windows | - | 7.2.12 | 7.1.24 | - | - | #77027 | - |
| fractions in `diff()` are not correctly normalized | - | 7.2.12 | - | - | - | #77007 | - |
| ReflectionFunction::invoke does not invoke closure with object scope | - | 7.2.12 | - | - | - | #66430 | - |
| method_exists on SPL iterator passthrough method corrupts memory | - | 7.2.11 | 7.1.23 | - | - | #76901 | - |
| Wrong exception being thrown when using ReflectionMethod | - | 7.2.11 | 7.1.23 | - | - | #74454 | - |
| php_zlib_inflate_filter() may not update bytes_consumed | - | 7.2.11 | 7.1.23 | - | - | #75273 | - |
| Memory leak when fetching a BLOB field | - | 7.2.9 | - | - | - | #76488 | - |
| Possible Memory Leak using PDO::CURSOR_SCROLL option | - | 7.2.9 | - | - | - | #75402 | - |
| Segmentation fault when using `output_add_rewrite_var` | - | 7.2.9 | - | - | - | #76643 | - |
| ZipArchive memory leak (OVERWRITE flag and empty archive) | - | 7.2.9 | - | - | - | #76524 | - |
| openssl_pkey_get_public does not respect open_basedir | - | 7.2.7 | - | - | - | #76296 | - |
| NoRewindIterator segfault 11 | - | 7.2.7 | - | - | - | #76367 | - |
| exif_read_data zend_mm_heap corrupted | - | 7.2.6 | - | - | - | #76164 | - |
| incorrect url in header for mt_rand | - | 7.2.5 | 7.1.17 | - | - | #75996 | - |
| Heap Buffer Overflow (READ: 1786) in exif_iif_add_value | - | 7.2.5 | - | 7.0.30 | - | #76130 | - |
| Intl compilation fails with icu4c 61.1 | - | 7.2.5 | - | - | - | #76153 | - |
| mbstring does not build with Oniguruma 6.8.1 | - | 7.2.5 | - | - | - | #76113 | - |
| Access violation when using opcache | - | 7.2.5 | - | - | - | #76094 | - |
| Segfault while throwing exception in error_handler | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #76025 | - |
| wrong unicode mapping in some charsets | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #62545 | - |
| Assertion failure in live range DCE due to block pass misoptimization | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #75969 | - |
| Segmentation fault in buildFromIterator when directory name contains a \n | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #76085 | - |
| Strange references behavior | - | 7.2.4 | 7.1.15 | 7.0.29 | - | #75961 | - |
| Timezone gets truncated when formatted | - | 7.2.3 | 7.1.15 | - | - | #75857 | - |
| Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null` | - | 7.2.3 | 7.1.15 | - | - | #75928 | - |
| deal with leading slash while adding files correctly | - | 7.2.3 | 7.1.15 | - | - | #65414 | - |
| strange behavior of AppendIterator | - | 7.2.3 | 7.1.15 | - | - | #74519 | - |
| DNS_CAA record results contain garbage | - | 7.2.3 | 7.1.15 | - | - | #75916 | - |
| Prevent reading beyond buffer start in http wrapper | - | 7.2.3 | 7.1.15 | - | - | #75981 | - |
| Phar::extractTo() does not accept specific directories to be extracted | - | 7.2.3 | - | - | - | #54289 | - |
| opcache segfault when installing Bitrix | - | 7.2.3 | - | - | - | #75729 | - |
| file_get_contents $http_response_header variable bugged with opcache | - | 7.2.3 | - | - | - | #75893 | - |
| Path 260 character problem | - | 7.2.2 | 7.1.14 | - | - | #75679 | - |
| SoapClient generates E_ERROR even if exceptions=1 is used | - | 7.2.2 | 7.1.14 | - | - | #70469 | - |
| RecursiveArrayIterator does not traverse arrays by reference | - | 7.2.2 | 7.1.14 | - | - | #75717 | - |
| RecursiveArrayIterator doesn't have constants from parent class | - | 7.2.2 | 7.1.14 | - | - | #75242 | - |
| RecursiveArrayIterator does not iterate object properties | - | 7.2.2 | 7.1.14 | - | - | #73209 | - |
| substr_count incorrect result | - | 7.2.2 | 7.1.14 | - | - | #75781 | - |
| Using @ crashes php7.2-fpm | - | 7.2.2 | - | - | - | #75698 | - |
| array_values don't work on empty array | - | 7.2.2 | - | - | - | #75653 | - |
| php-process crash when is_file() is used with strings longer 260 chars | - | 7.2.1 | 7.1.13 | - | - | #75074 | - |
| Potential infinite loop in gdImageCreateFromGifCtx | - | 7.2.1 | 7.1.13 | - | - | #75571 | - |
| remove file name from output to avoid XSS | - | 7.2.1 | 7.1.13 | - | - | #74782 | - |
| mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
|
- | 7.2.1 | 7.1.13 | - | - | #75514 | - |
| accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing | - | 7.2.1 | 7.1.13 | - | - | #75409 | - |
| Segfault with libzip 1.3.1 | - | 7.2.1 | 7.1.13 | - | - | #75540 | - |
| Invalid opcode 138/1/1 | - | 7.2.1 | - | - | - | #75556 | - |
| MessageFormatter::formatMessage memory corruption with 11+ named placeholders | - | - | 7.1.22 | - | - | #74484 | - |
| unusable ssl => peer_fingerprint in stream_context_create() | - | - | 7.1.22 | - | - | #76705 | - |
| RegexIterator pregFlags are NULL instead of 0 | - | - | 7.1.22 | - | - | #68175 | - |
| Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option | - | - | 7.1.22 | - | - | #65988 | - |
| Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c | - | - | 7.1.20 | 7.0.31 | - | #76423 | - |
| heap-buffer-overflow (READ of size 48) while reading exif data | - | - | 7.1.20 | 7.0.31 | - | #76557 | - |
| PHP hangs on 'illegal string offset on string references with an error handler | - | - | 7.1.20 | - | - | #76534 | - |
| Chain of mixed exceptions and errors does not serialize properly | - | - | 7.1.20 | - | - | #76502 | - |
| Undefined property: DateInterval::$f | - | - | 7.1.20 | - | - | #76462 | - |
| Integer Underflow when unserializing GMP and possible other classes | - | - | 7.1.20 | - | - | #74670 | - |
| PHP crashes with core dump when throwing exception in error handler | - | - | 7.1.20 | - | - | #76536 | - |
| ReflectionProperty#getValue() incorrectly works with inherited classes | - | - | 7.1.20 | - | - | #75231 | - |
| getimagesize with $imageinfo returns false | - | - | 7.1.20 | - | - | #71848 | - |
| self keyword leads to incorrectly generated TypeError when in closure in trait | - | - | 7.1.14 | - | - | #75079 | - |
| Builtin webserver crash after chdir in a shutdown function | - | - | 7.1.12 | 7.0.26 | - | #75287 | - |
| Enchant still reports version 1.1.0 | - | - | 7.1.12 | 7.0.26 | - | #75365 | - |
| Exif extension has built in revision version | - | - | 7.1.12 | 7.0.26 | - | #75301 | - |
| imagerotate may alter image dimensions | - | - | 7.1.12 | 7.0.26 | - | #65148 | - |
| Wrong reflection on imagewebp | - | - | 7.1.12 | 7.0.26 | - | #75437 | - |
| UConverter::setDestinationEncoding changes source instead of destination | - | - | 7.1.12 | 7.0.26 | - | #75317 | - |
| Null pointer dereference in zend_mm_alloc_small() | - | - | 7.1.11 | 7.0.25 | - | #75241 | - |
| infinite loop when printing an error-message | - | - | 7.1.11 | 7.0.25 | - | #75236 | - |
| debug info of Closures of internal functions contain garbage argument names | - | - | 7.1.11 | 7.0.25 | - | #75290 | - |
| error: 'zend_hash_key' has no member named 'arKey' in apache2handler | - | - | 7.1.11 | 7.0.25 | - | #75311 | - |
| The parameter of UConverter::getAliases() is not optional | - | - | 7.1.11 | 7.0.25 | - | #75318 | - |
| arcfour encryption stream filter crashes php | - | - | 7.1.11 | 7.0.25 | - | #72535 | - |
| applied upstream patch for CVE-2016-1283 | - | - | 7.1.11 | 7.0.25 | - | #75207 | - |
| SplDoublyLinkedList::setIteratorMode masks intern flags | - | - | 7.1.11 | 7.0.25 | - | #73629 | - |
| Data corruption when reading fields of bit type | - | - | 7.1.11 | - | - | #75018 | - |
| Request hangs and not finish | - | - | 7.1.11 | - | - | #75255 | - |
| Type 'bit' is fetched as unexpected string | - | - | 7.1.11 | - | - | #75177 | - |
| run-tests.php issues with EXTENSION block | - | - | 7.1.10 | 7.0.24 | - | #75042 | - |
| BC math handles minus zero incorrectly | - | - | 7.1.10 | 7.0.24 | - | #46781 | - |
| libgd/gd_interpolation.c:1786: suspicious if ? | - | - | 7.1.10 | 7.0.24 | - | #75139 | - |
| incorrect behavior of AppendIterator::append in foreach loop | - | - | 7.1.10 | 7.0.24 | - | #75173 | - |
| gethostname fails if your host name is 64 chars long | - | - | 7.1.10 | 7.0.24 | - | #75097 | - |
| AppendIterator::append() is broken when appending another AppendIterator | - | - | 7.1.10 | - | - | #75155 | - |
| signed integer overflow in parse_iv | - | - | 7.1.10 | - | - | #75152 | - |
| Fixed finding CURL on systems with multiarch support | - | - | 7.1.9 | 7.0.23 | - | #74125 | - |
| include_path has a 4096 char limit in some cases | - | - | 7.1.9 | 7.0.23 | - | #74991 | - |
| null pointer dereference in _function_string | - | - | 7.1.9 | 7.0.23 | - | #74949 | - |
| Unserialize ArrayIterator broken | - | - | 7.1.9 | 7.0.23 | - | #74669 | - |
| Crash in recursive iterator destructors | - | - | 7.1.9 | 7.0.23 | - | #75015 | - |
| unpack with X* causes infinity loop | - | - | 7.1.9 | 7.0.23 | - | #75075 | - |
| heap-use-after-free when unserializing invalid array size | - | - | 7.1.9 | 7.0.23 | - | #74103 | - |
| A Denial of Service Vulnerability was found when performing deserialization | - | - | 7.1.9 | 7.0.23 | - | #75054 | - |
| Main CWD initialized with wrong codepage | - | - | 7.1.9 | - | - | #75063 | - |
| Narrowing occurred during type inference | - | - | 7.1.9 | - | - | #74980 | - |
| Url Rewriting (trans_sid) not working on urls that start with "#" | - | - | 7.1.9 | - | - | #74892 | - |
| Appending AppendIterator leads to segfault | - | - | 7.1.9 | - | - | #74977 | - |
| parse_url() broken when query string contains colon | - | - | 7.1.8 | 7.0.22 | - | #74780 | - |
| Use After Free in unserialize() SplFixedArray | - | - | 7.1.8 | 7.0.22 | - | #73900 | - |
| property_exists returns true on unknown DateInterval property | - | - | 7.1.8 | 7.0.22 | - | #74852 | - |
| Heap buffer overread (READ: 1) finish_nested_data from unserialize | - | - | 7.1.7 | 7.0.21 | - | #74111 | - |
| References to deleted XPath query results | - | - | 7.1.7 | 7.0.21 | - | #69373 | - |
| Stack Buffer Overflow in msgfmt_parse_message | - | - | 7.1.7 | 7.0.21 | - | #73473 | - |
| Wrong reflection on Collator::getSortKey and collator_get_sort_key | - | - | 7.1.7 | 7.0.21 | - | #74705 | - |
| Segfault with opcache.memory_protect and validate_timestamp | - | - | 7.1.7 | 7.0.21 | - | #74663 | - |
| Segfault when cast Reflection object to string with undefined constant | - | - | 7.1.7 | 7.0.21 | - | #74673 | - |
| null coalescing operator failing with SplFixedArray | - | - | 7.1.7 | 7.0.21 | - | #74478 | - |
| ftp:// wrapper ignores context arg | - | - | 7.1.7 | 7.0.21 | - | #74598 | - |
| Phar::__construct reflection incorrect | - | - | 7.1.7 | 7.0.21 | - | #74386 | - |
| Incorrect conversion array with WSDL_CACHE_MEMORY | - | - | 7.1.7 | 7.0.21 | - | #74679 | - |
| implement clone for DatePeriod and DateInterval | - | - | 7.1.7 | - | - | #74639 | - |
| Segfault when using convert.quoted-printable-encode filter | - | - | - | 7.0.33 | - | #77231 | - |
| PharData always creates new files with mode 0666 | - | - | - | 7.0.33 | - | #77022 | - |
| Heap Buffer Overflow (READ: 4) in phar_parse_pharfile | - | - | - | 7.0.33 | - | #77143 | - |
| Null Pointer Dereference in timelib_time_clone | - | - | - | 7.0.23 | - | #75002 | - |
| grapheme_strpos illegal memory access | - | - | - | 7.0.21 | - | #73634 | - |
| Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library) | - | - | - | 7.0.21 | - | #74087 | - |
| Invalid Reflection signatures for random_bytes and random_int | - | - | - | 7.0.21 | - | #74708 | - |
| Heap buffer overflow in substr | - | - | - | 7.0.21 | - | #73648 | - |
| PDO MySQL segfaults with persistent connection | 7.3.2 | - | - | - | - | #77289 | - |
| Segmentation Fault when executing method with an empty parameter | 7.3.2 | - | - | - | - | #77410 | - |
| preg_split does not raise an error on invalid UTF-8 | 7.3.4 | - | - | - | - | #76127 | - |
| var_export() does not create a parsable value for PHP_INT_MIN | 7.3.4 | - | - | - | - | #76717 | - |
| Interface gets skipped if autoloader throws an exception | 7.3.7 | - | - | - | - | #76980 | - |
| openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c | 7.3.7 | - | - | - | - | #78079 | - |
| Extract with EXTR_SKIP should skip $this | 7.3.7 | - | - | - | - | #77135 | - |
| preg_match failed | 7.3.7 | - | - | - | - | #77937 | - |
| heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040 | 7.3.6 | - | - | - | - | #77988 | - |
| imageantialias($image, false); does not work | 7.3.6 | - | - | - | - | #77943 | - |
| Use after free with json serializer | 7.3.6 | - | - | - | - | #77843 | - |
| Warning for array_map mentions wrong type | 7.3.6 | - | - | - | - | #77931 | - |
| strip_tags output change since PHP 7.3 | 7.3.6 | - | - | - | - | #78003 | - |
| wrong reflection on Collator::sortWithSortKeys | - | - | 7.1.6 | 7.0.20 | - | #74468 | - |
| mysqli::change_user() doesn't accept null as $database argument w/strict_types | - | - | 7.1.6 | 7.0.20 | - | #74547 | - |
| SIGSEGV with opcache.revalidate_path enabled | - | - | 7.1.6 | 7.0.20 | - | #74596 | - |
| Phar::webPhar() does not handle requests sent through PUT and DELETE method | - | - | 7.1.6 | 7.0.20 | - | #51918 | - |
| Wrong reflection on XMLReader::expand | - | - | 7.1.6 | 7.0.20 | - | #74457 | - |
| __DIR__ wrong for unicode character | - | - | 7.1.6 | - | - | #74589 | - |
| Wrong reflection on DOMNode::cloneNode | - | - | 7.1.5 | 7.0.19 | - | #74416 | - |
| phar method parameters reflection correction | - | - | 7.1.5 | 7.0.19 | - | #74383 | - |
| setcookie allows max-age to be negative | - | - | 7.1.5 | 7.0.19 | - | #72071 | - |
| multiple catch freezes in some cases | - | - | 7.1.5 | - | - | #74444 | - |
| Intl does not support DateTimeImmutable | - | - | 7.1.5 | - | - | #65683 | - |
| IntlDateFormatter->format() doesn't return microseconds/fractions | - | - | 7.1.5 | - | - | #74298 | - |
| Segmentation error while running a script in CLI mode | - | - | 7.1.5 | - | - | #74456 | - |
| foreach infinite loop | - | - | 7.1.5 | - | - | #74431 | - |
| Opcached version produces a nested array | - | - | 7.1.5 | - | - | #74442 | - |
| yield fromLABEL is over-greedy | - | - | 7.1.4 | 7.0.18 | - | #74302 | - |
| Swatch time value incorrect for dates before 1970 | - | - | 7.1.4 | 7.0.18 | - | #72096 | - |
| fwrite() on non-blocking SSL sockets doesn't work | - | - | 7.1.4 | 7.0.18 | - | #72333 | - |
| Correctly fail on invalid IP address ports | - | - | 7.1.4 | 7.0.18 | - | #74216 | - |
| array_key_exists fails on arrays created by get_object_vars | - | - | 7.1.3 | 7.0.17 | - | #73998 | - |
| NAN check fails on Alpine Linux with musl | - | - | 7.1.3 | 7.0.17 | - | #73954 | - |
| gost-crypto hash incorrect if input data contains long 0xFF sequence | - | - | 7.1.3 | 7.0.17 | - | #73127 | - |
| ReflectionFunction for imagepng is missing last two parameters | - | - | 7.1.3 | 7.0.17 | - | #74031 | - |
| is_callable callable name reports misleading value for anonymous classes | - | - | 7.1.3 | 7.0.17 | - | #73118 | - |
| Segfault with nested generators | - | - | 7.1.3 | - | - | #74157 | - |
| PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg | - | - | 7.1.3 | - | - | #74164 | - |
| Memory leak with openssl_encrypt() | - | - | 7.1.3 | - | - | #74099 | - |
| substr_count with length=0 broken | - | - | 7.1.3 | - | - | #74041 | - |
| dns_get_record does not populate $additional out parameter | - | - | 7.1.1 | 7.0.15 | - | #73594 | - |
| incorrect reflection for SQLite3::enableExceptions | - | - | - | 7.0.19 | - | #74413 | - |
| DateTime wrong when date string is negative | - | - | - | 7.0.17 | - | #73294 | - |
| wrong timestamp when call setTimeZone multi times with UTC offset | - | - | - | 7.0.17 | - | #73489 | - |
| $date->modify('Friday this week') doesn't return a Friday if $date is a Sunday | - | - | - | 7.0.17 | - | #73942 | - |
| ReflectionFunction incorrectly reports the number of arguments | - | - | - | 7.0.17 | - | #74148 | - |
| Unsetting result set may reset other result set | - | - | - | 7.0.14 | - | #73530 | - |
| version_compare illegal write access | - | - | - | 7.0.14 | - | #73645 | - |
| Integer Overflow in php_html_entities() | - | - | - | 7.0.14 | - | #72135 | - |
| parse_str() without a second argument leads to crash | - | - | - | 7.0.13 | - | #73181 | - |
| session_unset() empties values from all variables in which is $_session stored | - | - | - | 7.0.13 | - | #73273 | - |
| array_replace_recursive sometimes mutates its parameters | - | - | - | 7.0.13 | - | #71241 | - |
| parse_url return wrong hostname | - | - | - | 7.0.13 | - | #73192 | - |
| crypt broken when salt is 'too' long | - | - | - | 7.0.12 | - | #73058 | - |
| Write out of bounds at number_format | - | - | - | 7.0.12 | - | #73240 | - |
| Use After Free in PHP7 unserialize() | - | - | - | 7.0.12 | - | #73147 | - |
| mb_substr only takes 32-bit signed integer | - | - | - | 7.0.12 | - | #66797 | - |
| \PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched | - | - | - | 7.0.12 | - | #67130 | - |
| SplObjectStorage unserialize allows use of non-object as key | - | - | - | 7.0.12 | - | #73258 | - |
| crash in openssl_random_pseudo_bytes function | - | - | - | 7.0.12 | - | #73276 | - |
| crash in openssl_encrypt function | - | - | - | 7.0.12 | - | #73275 | - |
| substr_compare NULL length interpreted as 0 | - | - | - | 7.0.11 | - | #55451 | - |
| getimagesize returning FALSE on valid jpg | - | - | - | 7.0.11 | - | #72278 | - |
| assign_dim on string doesn't reset hval | - | - | - | 7.0.11 | - | #72943 | - |
| getConstant for a array constant with constant values returns NULL/NFC/UKNOWN | - | - | - | 7.0.11 | - | #72846 | - |
| FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range | - | - | - | 7.0.10 | - | #71745 | - |
| microtime() leaks memory | - | - | - | 7.0.10 | - | #72024 | - |
| curl_setopt segfault with empty CURLOPT_HTTPHEADER | - | - | - | 7.0.10 | - | #71709 | - |
| Spurious warning when exception is thrown in user defined function | - | - | - | 7.0.10 | - | #72668 | - |
| base64_decode $strict fails to detect null byte | - | - | - | 7.0.10 | - | #72152 | - |
| base64_decode skips a character after padding in strict mode | - | - | - | 7.0.10 | - | #72263 | - |
| base64_decode $strict fails with whitespace between padding | - | - | - | 7.0.10 | - | #72264 | - |
| Certification information (CERTINFO) data parsing error | - | - | - | 7.0.10 | - | #71929 | - |
| array_walk + array_replace_recursive create references from nothing | - | - | - | 7.0.10 | - | #72622 | - |
| base64_decode $strict fails to detect null byte | - | - | - | 7.0.10 | - | #72152 | - |
| base64_decode skips a character after padding in strict mode | - | - | - | 7.0.10 | - | #72263 | - |
| base64_decode $strict fails with whitespace between padding | - | - | - | 7.0.10 | - | #72264 | - |
| Use After Free in unserialize() with Unexpected Session Deserialization | - | - | - | 7.0.9 | - | #72562 | - |
| Use After Free Vulnerability in SNMP with GC and unserialize() | - | - | - | 7.0.9 | - | #72479 | - |
| mb_ereg_replace - mbc_to_code (oniguruma) - oob read access | - | - | - | 7.0.9 | - | #72405 | - |
| ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize | - | - | - | 7.0.8 | - | #72434 | CVE-2016-5773 |
| segfault, past-the-end access | - | - | - | 7.0.8 | - | #72221 | - |
| Integer Overflow in nl2br() | - | - | - | 7.0.8 | - | #72268 | - |
| Integer Overflow in addcslashes/addslashes | - | - | - | 7.0.8 | - | #72400 | - |
| range() with float step produces unexpected result | - | - | - | 7.0.8 | - | #72017 | - |
| dns_get_record returns array containing elements of type 'unknown' | - | - | - | 7.0.8 | - | #72193 | - |
| Wrong reference when serialize/unserialize an object | - | - | - | 7.0.8 | - | #72229 | - |
| use-after-free - error_reporting | - | - | - | 7.0.7 | - | #72162 | - |
| implode() inserts garbage into resulting string when joins very big integer | - | - | - | 7.0.7 | - | #72100 | - |
| ?? is not allowed on constant expressions | - | - | - | 7.0.7 | - | #72059 | - |
| Cyclic references causing session_start(): Failed to decode session object | - | - | - | 7.0.7 | - | #71972 | - |
| Null Pointer Dereference - mb_ereg_replace | - | - | - | 7.0.7 | - | #72164 | - |
| Crash on assert(new class{}) | - | - | - | 7.0.6 | - | #71922 | - |
| Cannot access array keys while uksort() | - | - | - | 7.0.6 | - | #71334 | - |
| Out of bounds heap read access in exif header processing | - | - | - | 7.0.6 | - | #72094 | CVE-2016-4542, CVE-2016-4543, CVE-2016-4544 |
| Missing constant: IntlChar::NO_NUMERIC_VALUE | - | - | - | 7.0.6 | - | #70455 | - |
| array_fill optimization breaks implementation | - | - | - | 7.0.6 | - | #72116 | - |
| Unserialize crushes on restore object reference | - | - | - | 7.0.6 | - | #71940 | - |
| str_replace returns an incorrect resulting array after a foreach by reference | - | - | - | 7.0.6 | - | #71969 | - |
| Unserialize accepts wrongly data | - | - | - | 7.0.6 | - | #71840 | - |
| substr_replace bug, string length | - | - | - | 7.0.6 | - | #71827 | - |
| php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined | - | - | - | 7.0.6 | - | #67512 | - |
| yield from does not count EOLs | - | - | - | 7.0.5 | - | #71724 | - |
| Support constant CURLM_ADDED_ALREADY | - | - | - | 7.0.5 | - | #71694 | - |
| Variable references on array elements don't work when using count | - | - | - | 7.0.4 | - | #71529 | - |
| Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes | - | - | - | 7.0.4 | - | #71637 | CVE-2016-4344, CVE-2016-4345, CVE-2016-4346 |
| strip_tags improper php code parsing | - | - | - | 7.0.4 | - | #70720 | - |
| An integer overflow bug in php_implode() could lead heap overflow, make crashes | - | - | - | 7.0.4 | - | #71449 | - |
| An integer overflow bug in php_str_to_str_ex() led arbitrary code execution. | - | - | - | 7.0.4 | - | #71450 | - |
| round() segfault on 64-bit builds | - | - | - | 7.0.3 | - | #71201 | - |
| Null pointer deref (segfault) in get_defined_vars via ob_start | - | - | - | 7.0.3 | - | #71221 | - |
| var_export(INF) prints INF.0 | - | - | - | 7.0.3 | - | #71314 | - |
| Wrong is_ref on properties as exposed via get_object_vars() | - | - | - | 7.0.3 | - | #71336 | - |
| curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile | - | - | - | 7.0.3 | - | #71225 | - |
| Memory Read via gdImageRotateInterpolated Array Index Out of Bounds | - | - | - | 7.0.3 | - | #70976 | - |
| range() segfaults | - | - | - | 7.0.3 | - | #71197 | - |
| range() segfaults | - | - | - | 7.0.3 | - | #71132 | - |
| str_replace converts integers in original $search array to strings | - | - | - | 7.0.3 | - | #71188 | - |
| substr_replace converts integers in original $search array to strings | - | - | - | 7.0.3 | - | #71190 | - |
| Null pointer deref (segfault) in compact via ob_start | - | - | - | 7.0.3 | - | #71220 | - |
| file_get_contents() ignores "header" context option if it's a reference | - | - | - | 7.0.3 | - | #71245 | - |
| file_put_contents() returns unexpected value when filesystem runs full | - | - | - | 7.0.3 | - | #71264 | - |
| Autoload function registered by another not activated immediately | - | - | - | 7.0.3 | - | #71202 | - |
| Output of stream_get_meta_data can be falsified by its input | - | - | - | 7.0.3 | - | #71323 | - |
| Use-after-free vulnerability in SPL(ArrayObject, unserialize) | - | - | - | 7.0.3 | - | #71311 | - |
| Use-after-free vulnerability in SPL(SplObjectStorage, unserialize) | - | - | - | 7.0.3 | - | #71313 | - |
| Upgraded bundled PCRE library to 8.38. | - | - | - | 7.0.3 | - | # | CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394 |
| var_export() exports float as integer | - | - | - | 7.0.2 | - | #66179 | - |
| filter_input(INPUT_ENV, ..) does not work | - | - | - | 7.0.2 | - | #71063 | - |
| Heap BufferOver Flow in escapeshell functions | - | - | - | 7.0.2 | - | #71270 | CVE-2016-1904 |
| preg_replace with arrays creates [0] in replace array if not already set | - | - | - | 7.0.2 | - | #71178 | - |
| Array key references break argument processing | - | - | - | 7.0.1 | - | #70993 | - |
| ReflectionFunction for array_unique returns wrong number of parameters | - | - | - | 7.0.1 | - | #70960 | - |
| Duplicate array key via undefined index error handler | - | - | - | 7.0.0 | - | #70662 | - |
| assert() with instanceof adds apostrophes around class name | - | - | - | 7.0.0 | - | #70528 | - |
| Notice: unserialize(): Unexpected end of serialized data | - | - | - | 7.0.0 | - | #70187 | - |
| __COMPILER_HALT_OFFSET__ under namespace is not defined | - | - | - | 7.0.0 | - | #70164 | - |
| Different arrays compare indentical due to integer key truncation | - | - | - | 7.0.0 | - | #69892 | - |
| unserialize() could lead to unexpected methods execution / NULL pointer deref | - | - | - | 7.0.0 | - | #70121 | - |
| uninitialised value in strtr with array | - | - | - | 7.0.0 | - | #69872 | - |
| Different arrays compare indentical due to integer key truncation | - | - | - | 7.0.0 | - | #69892 | - |
| Item added to array not being removed by array_pop/shift | - | - | - | 7.0.0 | - | #69758 | - |
| Segfault when calling phpversion('spl') | - | - | - | 7.0.0 | - | #67959 | - |
| 304 responses return Content-Type header | - | - | - | 7.0.0 | - | #64878 | - |
| HTTP Authorization Header is sometimes passed to newer reqeusts | - | - | - | 7.0.0 | - | #70279 | - |
| copy 'n paste error | - | - | - | 7.0.0 | - | #68714 | - |
| Use after free vulnerability in unserialize() with GMP | - | - | - | 7.0.0 | - | #70284 | - |
| PHP segfaults when accessing nvarchar(max) defined columns | - | - | - | 7.0.0 | - | #69975 | - |
| openssl extension does not get the DH parameters from DH key resource | - | - | - | 7.0.0 | - | #55259 | - |
| OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert | - | - | - | 7.0.0 | - | #69882 | - |
| pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL | - | - | - | 7.0.0 | - | #60509 | - |
| FASYNC not defined, needs sys/file.h include | - | - | - | 7.0.0 | - | #70214 | - |
| ArrayObject unserialize does not restore protected fields | - | - | - | 7.0.0 | - | #70959 | - |
| Use After Free Vulnerability in unserialize() with SPLArrayObject | - | - | - | 7.0.0 | - | #70166 | - |
| Use After Free Vulnerability in unserialize() with SplObjectStorage | - | - | - | 7.0.0 | - | #70168 | - |
| Use After Free Vulnerability in unserialize() with SplDoublyLinkedList | - | - | - | 7.0.0 | - | #70169 | - |
| Unserialize shows UNKNOWN in result | - | - | - | 7.0.0 | - | #70963 | - |
| extract() breaks variable references | - | - | - | 7.0.0 | - | #70910 | - |
| array_merge_recursive corrupts memory of unset items | - | - | - | 7.0.0 | - | #70808 | - |
| strtr() causes invalid writes and a crashes | - | - | - | 7.0.0 | - | #70667 | - |
| array_keys() doesn't respect references when $strict is true | - | - | - | 7.0.0 | - | #70668 | - |
| pack('x') produces an error | - | - | - | 7.0.0 | - | #70487 | - |
| setcookie() conditional for empty values not met | - | - | - | 7.0.0 | - | #67131 | - |
| Use-after-free vulnerability in unserialize() with SplObjectStorage | - | - | - | 7.0.0 | - | #70365 | - |
| Use-after-free vulnerability in unserialize() with SplDoublyLinkedList | - | - | - | 7.0.0 | - | #70366 | - |
| extract() turns array elements to references | - | - | - | 7.0.0 | - | #70250 | - |
| Assert breaking access on objects | - | - | - | 7.0.0 | - | #70208 | - |
| str_ireplace/php_string_tolower - Arbitrary Code Execution | - | - | - | 7.0.0 | - | #70140 | - |
| Allow "dirname" to go up various times | - | - | - | 7.0.0 | - | #70112 | - |
| scandir duplicates file name at every 65535th file | - | - | - | 7.0.0 | - | #36365 | - |
| Regression in array_filter's $flag argument in PHP 7 | - | - | - | 7.0.0 | - | #69299 | - |
| openssl_random_pseudo_bytes() is not cryptographically secure | - | - | - | 7.0.0 | - | #70014 | CVE-2015-8867 |
| Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes | - | - | - | 7.0.0 | - | #70385 | - |