PHP Minor versions impact report

This is the list of bugfixes, found in minor versions of PHP that may impact your code.

Title	7.3	7.2	7.1	7.0	php-src	Bugs	CVE
Opcache causes incorrect "undefined variable" errors	-	7.1.18	7.1.18	7.1.18	-	#76281	-
PHP crashes when parsing `(2)::class`	-	7.2.15	-	-	-	#77530	-
Segfault with H2 server push	-	7.2.15	-	-	-	#76675	-
feof might hang on TLS streams in case of fragmented TLS records	-	7.2.15	-	-	-	#77390	-
array_walk_recursive corrupts value types leading to PDO failure	-	7.2.15	-	-	-	#77273	-
segfault about array_multisort	-	7.2.15	-	-	-	#77395	-
parse_str segfaults when inserting item into existing array	-	7.2.15	-	-	-	#77439	-
Serializing or unserializing COM objects crashes	-	7.2.14	-	-	-	#77177	-
DateTime::diff gives wrong diff when the actual diff is less than 1 second	-	7.2.14	-	-	-	#77097	-
efree() on uninitialized Heap data in imagescale leads to use-after-free	-	7.2.14	-	-	-	#77269	-
imagecolormatch Out Of Bounds Write on Heap	-	7.2.14	-	-	-	#77270	-
Incorrect error handling of imagecreatefromjpeg()	-	7.2.14	-	-	-	#77195	-
auto cropping has insufficient precision	-	7.2.14	-	-	-	#77198	-
oci_pconnect with OCI_CRED_EXT not working	-	7.2.14	-	-	-	#76804	-
Issue with re-binding on SQLite3	-	7.2.14	-	-	-	#77051	-
Year component overflow with date formats "c", "o", "r" and "y"	-	7.2.12	7.1.24	-	-	#75851	-
U_ARGUMENT_TYPE_MISMATCH	-	7.2.12	7.1.24	-	-	#76942	-
INI_SCANNER_RAW doesn't strip trailing whitespace	-	7.2.12	7.1.24	-	-	#76965	-
tidy::getOptDoc() not available on Windows	-	7.2.12	7.1.24	-	-	#77027	-
xml_parse_into_struct() does not resolve entities	-	7.2.12	7.1.24	-	-	#30875	-
Cyclic reference in generator not detected	-	7.2.12	7.1.24	-	-	#76946	-
The phpize and ./configure create redundant .deps file	-	7.2.12	7.1.24	-	-	#77035	-
Failed shutdown/reboot or end session in Windows	-	7.2.12	7.1.24	-	-	#76948	-
fractions in `diff()` are not correctly normalized	-	7.2.12	-	-	-	#77007	-
ReflectionFunction::invoke does not invoke closure with object scope	-	7.2.12	-	-	-	#66430	-
Segfault in shutdown function after memory limit error	-	7.2.12	-	-	-	#76846	-
Objects cannot access their private attributes while handling reflection errors	-	7.2.12	-	-	-	#76936	-
method_exists on SPL iterator passthrough method corrupts memory	-	7.2.11	7.1.23	-	-	#76901	-
Wrong exception being thrown when using ReflectionMethod	-	7.2.11	7.1.23	-	-	#74454	-
Bindto IPv6 works with file_get_contents but fails with stream_socket_client	-	7.2.11	7.1.23	-	-	#74764	-
array_reduce is slow when $carry is large array	-	7.2.11	7.1.23	-	-	#75533	-
php_zlib_inflate_filter() may not update bytes_consumed	-	7.2.11	7.1.23	-	-	#75273	-
Compile-time evaluation of disabled function in opcache causes segfault	-	7.2.11	-	-	-	#76796	-
Memory leak when fetching a BLOB field	-	7.2.9	-	-	-	#76488	-
Possible Memory Leak using PDO::CURSOR_SCROLL option	-	7.2.9	-	-	-	#75402	-
Incorrect entries in get_html_translation_table	-	7.2.9	-	-	-	#73817	-
array_column: null values in $index_key become incrementing keys in result	-	7.2.9	-	-	-	#68553	-
Segmentation fault when using `output_add_rewrite_var`	-	7.2.9	-	-	-	#76643	-
ZipArchive memory leak (OVERWRITE flag and empty archive)	-	7.2.9	-	-	-	#76524	-
openssl_pkey_get_public does not respect open_basedir	-	7.2.7	-	-	-	#76296	-
NoRewindIterator segfault 11	-	7.2.7	-	-	-	#76367	-
stream filter convert.iconv leads to infinite loop on invalid sequence	-	7.2.5	7.1.17	7.0.30	-	#76249	-
Malicious LDAP-Server Response causes Crash	-	7.2.5	7.1.17	7.0.30	-	#76248	-
mismatch arginfo for date_create	-	7.2.5	7.1.17	-	-	#76131	-
Wrong cp1251 detection	-	7.2.5	7.1.17	-	-	#75944	-
incorrect url in header for mt_rand	-	7.2.5	7.1.17	-	-	#75996	-
Intl compilation fails with icu4c 61.1	-	7.2.5	-	-	-	#76153	-
mbstring does not build with Oniguruma 6.8.1	-	7.2.5	-	-	-	#76113	-
Access violation when using opcache	-	7.2.5	-	-	-	#76094	-
Segfault while throwing exception in error_handler	-	7.2.4	7.1.15	7.0.29	-	#76025	-
Freeing uninitialized pointer	-	7.2.4	7.1.15	7.0.29	-	#75867	-
wrong unicode mapping in some charsets	-	7.2.4	7.1.15	7.0.29	-	#62545	-
Assertion failure in live range DCE due to block pass misoptimization	-	7.2.4	7.1.15	7.0.29	-	#75969	-
Segmentation fault in buildFromIterator when directory name contains a \n	-	7.2.4	7.1.15	7.0.29	-	#76085	-
Strange references behavior	-	7.2.4	7.1.15	7.0.29	-	#75961	-
parse_ini_string fails to parse "[foo]\nbar=1\|>baz" with segfault	-	7.2.4	7.1.15	-	-	#76068	-
Timezone gets truncated when formatted	-	7.2.3	7.1.15	-	-	#75857	-
Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`	-	7.2.3	7.1.15	-	-	#75928	-
calling var_dump on a DateTimeZone object modifies it	-	7.2.3	7.1.15	-	-	#68406	-
deal with leading slash while adding files correctly	-	7.2.3	7.1.15	-	-	#65414	-
strange behavior of AppendIterator	-	7.2.3	7.1.15	-	-	#74519	-
Prevent reading beyond buffer start in http wrapper	-	7.2.3	7.1.15	-	-	#75981	-
"stream_isatty" returns wrong value on s390x	-	7.2.3	-	-	-	#75864	-
Memory leak in pg_escape_bytea()	-	7.2.3	-	-	-	#75838	-
Phar::extractTo() does not accept specific directories to be extracted	-	7.2.3	-	-	-	#54289	-
opcache segfault when installing Bitrix	-	7.2.3	-	-	-	#75729	-
file_get_contents $http_response_header variable bugged with opcache	-	7.2.3	-	-	-	#75893	-
Path 260 character problem	-	7.2.2	7.1.14	-	-	#75679	-
getenv() crashes on Windows 7.2.1 when second parameter is false	-	7.2.2	7.1.14	-	-	#75794	-
pg_version() crashes when called on a connection to cockroach	-	7.2.2	7.1.14	-	-	#75671	-
SoapClient generates E_ERROR even if exceptions=1 is used	-	7.2.2	7.1.14	-	-	#70469	-
RecursiveArrayIterator does not traverse arrays by reference	-	7.2.2	7.1.14	-	-	#75717	-
RecursiveArrayIterator doesn't have constants from parent class	-	7.2.2	7.1.14	-	-	#75242	-
RecursiveArrayIterator does not iterate object properties	-	7.2.2	7.1.14	-	-	#73209	-
substr_count incorrect result	-	7.2.2	7.1.14	-	-	#75781	-
Using @ crashes php7.2-fpm	-	7.2.2	-	-	-	#75698	-
array_values don't work on empty array	-	7.2.2	-	-	-	#75653	-
php-process crash when is_file() is used with strings longer 260 chars	-	7.2.1	7.1.13	-	-	#75074	-
libxml_disable_entity_loader setting is shared between requests	-	7.2.1	7.1.13	-	-	#64938	-
Potential infinite loop in gdImageCreateFromGifCtx	-	7.2.1	7.1.13	-	-	#75571	-
preg_last_error not returning error code after error	-	7.2.1	7.1.13	-	-	#74183	-
remove file name from output to avoid XSS	-	7.2.1	7.1.13	-	-	#74782	-
fread not free unused buffer	-	7.2.1	7.1.13	-	-	#75511	-
mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi) Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault	-	7.2.1	7.1.13	-	-	#75514	-
accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing	-	7.2.1	7.1.13	-	-	#75409	-
putenv does not work properly if parameter contains non-ASCII unicode character	-	7.2.1	7.1.13	-	-	#75574	-
Segfault with libzip 1.3.1	-	7.2.1	7.1.13	-	-	#75540	-
Invalid opcode 138/1/1	-	7.2.1	-	-	-	#75556	-
MessageFormatter::formatMessage memory corruption with 11+ named placeholders	-	-	7.1.22	-	-	#74484	-
mb_detect_order return value varies based on argument type	-	-	7.1.22	-	-	#76704	-
Opcache treats path containing "test.pharma.tld" as a phar file	-	-	7.1.22	-	-	#76747	-
unusable ssl => peer_fingerprint in stream_context_create()	-	-	7.1.22	-	-	#76705	-
Exception in DirectoryIterator::getLinkTarget()	-	-	7.1.22	-	-	#68825	-
RegexIterator pregFlags are NULL instead of 0	-	-	7.1.22	-	-	#68175	-
array_reduce leaks memory if callback throws exception	-	-	7.1.22	-	-	#76778	-
Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option	-	-	7.1.22	-	-	#65988	-
PHP hangs on 'illegal string offset on string references with an error handler	-	-	7.1.20	-	-	#76534	-
Chain of mixed exceptions and errors does not serialize properly	-	-	7.1.20	-	-	#76502	-
Undefined property: DateInterval::$f	-	-	7.1.20	-	-	#76462	-
Integer Underflow when unserializing GMP and possible other classes	-	-	7.1.20	-	-	#74670	-
PHP crashes with core dump when throwing exception in error handler	-	-	7.1.20	-	-	#76536	-
ReflectionProperty#getValue() incorrectly works with inherited classes	-	-	7.1.20	-	-	#75231	-
getimagesize with $imageinfo returns false	-	-	7.1.20	-	-	#71848	-
self keyword leads to incorrectly generated TypeError when in closure in trait	-	-	7.1.14	-	-	#75079	-
Builtin webserver crash after chdir in a shutdown function	-	-	7.1.12	7.0.26	-	#75287	-
Enchant still reports version 1.1.0	-	-	7.1.12	7.0.26	-	#75365	-
Exif extension has built in revision version	-	-	7.1.12	7.0.26	-	#75301	-
imagerotate may alter image dimensions	-	-	7.1.12	7.0.26	-	#65148	-
UConverter::setDestinationEncoding changes source instead of destination	-	-	7.1.12	7.0.26	-	#75317	-
openssl_x509_parse leaks memory	-	-	7.1.12	7.0.26	-	#75363	-
Wrong reflection for openssl_open function	-	-	7.1.12	7.0.26	-	#75307	-
Default link incorrectly cleared/linked by pg_close()	-	-	7.1.12	7.0.26	-	#75419	-
Null pointer dereference in zend_mm_alloc_small()	-	-	7.1.11	7.0.25	-	#75241	-
infinite loop when printing an error-message	-	-	7.1.11	7.0.25	-	#75236	-
debug info of Closures of internal functions contain garbage argument names	-	-	7.1.11	7.0.25	-	#75290	-
error: 'zend_hash_key' has no member named 'arKey' in apache2handler	-	-	7.1.11	7.0.25	-	#75311	-
The parameter of UConverter::getAliases() is not optional	-	-	7.1.11	7.0.25	-	#75318	-
arcfour encryption stream filter crashes php	-	-	7.1.11	7.0.25	-	#72535	-
applied upstream patch for CVE-2016-1283	-	-	7.1.11	7.0.25	-	#75207	-
SplDoublyLinkedList::setIteratorMode masks intern flags	-	-	7.1.11	7.0.25	-	#73629	-
Data corruption when reading fields of bit type	-	-	7.1.11	-	-	#75018	-
Request hangs and not finish	-	-	7.1.11	-	-	#75255	-
Type 'bit' is fetched as unexpected string	-	-	7.1.11	-	-	#75177	-
run-tests.php issues with EXTENSION block	-	-	7.1.10	7.0.24	-	#75042	-
BC math handles minus zero incorrectly	-	-	7.1.10	7.0.24	-	#46781	-
libgd/gd_interpolation.c:1786: suspicious if ?	-	-	7.1.10	7.0.24	-	#75139	-
incorrect behavior of AppendIterator::append in foreach loop	-	-	7.1.10	7.0.24	-	#75173	-
gethostname fails if your host name is 64 chars long	-	-	7.1.10	7.0.24	-	#75097	-
AppendIterator::append() is broken when appending another AppendIterator	-	-	7.1.10	-	-	#75155	-
signed integer overflow in parse_iv	-	-	7.1.10	-	-	#75152	-
Fixed finding CURL on systems with multiarch support	-	-	7.1.9	7.0.23	-	#74125	-
Segmentation fault mb_strcut with HTML-ENTITIES encoding	-	-	7.1.9	7.0.23	-	#71606	-
include_path has a 4096 char limit in some cases	-	-	7.1.9	7.0.23	-	#74991	-
null pointer dereference in _function_string	-	-	7.1.9	7.0.23	-	#74949	-
SID constant created with wrong module number	-	-	7.1.9	7.0.23	-	#74833	-
spl_autoload_unregister can't handle spl_autoload_functions results	-	-	7.1.9	7.0.23	-	#75049	-
Unserialize ArrayIterator broken	-	-	7.1.9	7.0.23	-	#74669	-
Crash in recursive iterator destructors	-	-	7.1.9	7.0.23	-	#75015	-
unpack with X* causes infinity loop	-	-	7.1.9	7.0.23	-	#75075	-
heap-use-after-free when unserializing invalid array size	-	-	7.1.9	7.0.23	-	#74103	-
A Denial of Service Vulnerability was found when performing deserialization	-	-	7.1.9	7.0.23	-	#75054	-
Main CWD initialized with wrong codepage	-	-	7.1.9	-	-	#75063	-
Narrowing occurred during type inference	-	-	7.1.9	-	-	#74980	-
Url Rewriting (trans_sid) not working on urls that start with "#"	-	-	7.1.9	-	-	#74892	-
Appending AppendIterator leads to segfault	-	-	7.1.9	-	-	#74977	-
parse_url() broken when query string contains colon	-	-	7.1.8	7.0.22	-	#74780	-
Use After Free in unserialize() SplFixedArray	-	-	7.1.8	7.0.22	-	#73900	-
property_exists returns true on unknown DateInterval property	-	-	7.1.8	7.0.22	-	#74852	-
PHP INI Parsing Stack Buffer Overflow Vulnerability	-	-	7.1.7	7.0.21	-	#74603	-
Heap buffer overread (READ: 1) finish_nested_data from unserialize	-	-	7.1.7	7.0.21	-	#74111	-
References to deleted XPath query results	-	-	7.1.7	7.0.21	-	#69373	-
Buffer over-read into uninitialized memory	-	-	7.1.7	7.0.21	-	#74435	-
Stack Buffer Overflow in msgfmt_parse_message	-	-	7.1.7	7.0.21	-	#73473	-
Wrong reflection on Collator::getSortKey and collator_get_sort_key	-	-	7.1.7	7.0.21	-	#74705	-
Segfault with opcache.memory_protect and validate_timestamp	-	-	7.1.7	7.0.21	-	#74663	-
negative-size-param (-1) in memcpy in zif_openssl_seal()	-	-	7.1.7	7.0.21	-	#74651	-
Segfault when cast Reflection object to string with undefined constant	-	-	7.1.7	7.0.21	-	#74673	-
null coalescing operator failing with SplFixedArray	-	-	7.1.7	7.0.21	-	#74478	-
ftp:// wrapper ignores context arg	-	-	7.1.7	7.0.21	-	#74598	-
Phar::__construct reflection incorrect	-	-	7.1.7	7.0.21	-	#74386	-
Incorrect conversion array with WSDL_CACHE_MEMORY	-	-	7.1.7	7.0.21	-	#74679	-
implement clone for DatePeriod and DateInterval	-	-	7.1.7	-	-	#74639	-
Segfault when using convert.quoted-printable-encode filter	-	-	-	7.0.33	-	#77231	-
PharData always creates new files with mode 0666	-	-	-	7.0.33	-	#77022	-
Heap Buffer Overflow (READ: 4) in phar_parse_pharfile	-	-	-	7.0.33	-	#77143	-
Null Pointer Dereference in timelib_time_clone	-	-	-	7.0.23	-	#75002	-
grapheme_strpos illegal memory access	-	-	-	7.0.21	-	#73634	-
Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)	-	-	-	7.0.21	-	#74087	-
Invalid Reflection signatures for random_bytes and random_int	-	-	-	7.0.21	-	#74708	-
Heap buffer overflow in substr	-	-	-	7.0.21	-	#73648	-
PDO MySQL segfaults with persistent connection	7.3.2	-	-	-	-	#77289	-
Segmentation Fault when executing method with an empty parameter	7.3.2	-	-	-	-	#77410	-
preg_split does not raise an error on invalid UTF-8	7.3.4	-	-	-	-	#76127	-
var_export() does not create a parsable value for PHP_INT_MIN	7.3.4	-	-	-	-	#76717	-
Interface gets skipped if autoloader throws an exception	7.3.7	-	-	-	-	#76980	-
openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c	7.3.7	-	-	-	-	#78079	-
Socket_select fails when resource array contains references	7.3.7	-	-	-	-	#78038	-
Extract with EXTR_SKIP should skip $this	7.3.7	-	-	-	-	#77135	-
preg_match failed	7.3.7	-	-	-	-	#77937	-
imageantialias($image, false); does not work	7.3.6	-	-	-	-	#77943	-
Use after free with json serializer	7.3.6	-	-	-	-	#77843	-
Warning for array_map mentions wrong type	7.3.6	-	-	-	-	#77931	-
strip_tags output change since PHP 7.3	7.3.6	-	-	-	-	#78003	-
wrong reflection on Collator::sortWithSortKeys	-	-	7.1.6	7.0.20	-	#74468	-
mysqli::change_user() doesn't accept null as $database argument w/strict_types	-	-	7.1.6	7.0.20	-	#74547	-
SIGSEGV with opcache.revalidate_path enabled	-	-	7.1.6	7.0.20	-	#74596	-
Phar::webPhar() does not handle requests sent through PUT and DELETE method	-	-	7.1.6	7.0.20	-	#51918	-
Wrong reflection on XMLReader::expand	-	-	7.1.6	7.0.20	-	#74457	-
__DIR__ wrong for unicode character	-	-	7.1.6	-	-	#74589	-
stream_select() is broken on Windows Nanoserver	-	-	7.1.5	7.0.19	-	#74410	-
Wrong reflection on DOMNode::cloneNode	-	-	7.1.5	7.0.19	-	#74416	-
null character not allowed in openssl_pkey_get_private	-	-	7.1.5	7.0.19	-	#73833	-
Segfault in openssl_pkey_new when generating DSA or DH key	-	-	7.1.5	7.0.19	-	#73711	-
phar method parameters reflection correction	-	-	7.1.5	7.0.19	-	#74383	-
setcookie allows max-age to be negative	-	-	7.1.5	7.0.19	-	#72071	-
Remote socket URI with unique persistence identifier broken	-	-	7.1.5	7.0.19	-	#74429	-
multiple catch freezes in some cases	-	-	7.1.5	-	-	#74444	-
Intl does not support DateTimeImmutable	-	-	7.1.5	-	-	#65683	-
IntlDateFormatter->format() doesn't return microseconds/fractions	-	-	7.1.5	-	-	#74298	-
Segmentation error while running a script in CLI mode	-	-	7.1.5	-	-	#74456	-
foreach infinite loop	-	-	7.1.5	-	-	#74431	-
Opcached version produces a nested array	-	-	7.1.5	-	-	#74442	-
Compaction in array_rand() violates COW	-	-	7.1.5	-	-	#74361	-
yield fromLABEL is over-greedy	-	-	7.1.4	7.0.18	-	#74302	-
Swatch time value incorrect for dates before 1970	-	-	7.1.4	7.0.18	-	#72096	-
iconv fails to fail on surrogates	-	-	7.1.4	7.0.18	-	#74230	-
fwrite() on non-blocking SSL sockets doesn't work	-	-	7.1.4	7.0.18	-	#72333	-
Correctly fail on invalid IP address ports	-	-	7.1.4	7.0.18	-	#74216	-
deflate_add can allocate too much memory	-	-	7.1.4	7.0.18	-	#74240	-
array_key_exists fails on arrays created by get_object_vars	-	-	7.1.3	7.0.17	-	#73998	-
NAN check fails on Alpine Linux with musl	-	-	7.1.3	7.0.17	-	#73954	-
gost-crypto hash incorrect if input data contains long 0xFF sequence	-	-	7.1.3	7.0.17	-	#73127	-
ReflectionFunction for imagepng is missing last two parameters	-	-	7.1.3	7.0.17	-	#74031	-
fetch_array broken data. Data more then MEDIUMBLOB	-	-	7.1.3	7.0.17	-	#74021	-
is_callable callable name reports misleading value for anonymous classes	-	-	7.1.3	7.0.17	-	#73118	-
stream_get_contents maxlength>-1 returns empty string	-	-	7.1.3	7.0.17	-	#74090	-
Segfault with nested generators	-	-	7.1.3	-	-	#74157	-
PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg	-	-	7.1.3	-	-	#74164	-
Memory leak with openssl_encrypt()	-	-	7.1.3	-	-	#74099	-
substr_count with length=0 broken	-	-	7.1.3	-	-	#74041	-
incorrect reflection for SQLite3::enableExceptions	-	-	-	7.0.19	-	#74413	-
is_infinite(-INF) returns false	-	-	-	7.0.17	-	#74039	-
DateTime wrong when date string is negative	-	-	-	7.0.17	-	#73294	-
wrong timestamp when call setTimeZone multi times with UTC offset	-	-	-	7.0.17	-	#73489	-
$date->modify('Friday this week') doesn't return a Friday if $date is a Sunday	-	-	-	7.0.17	-	#73942	-
ReflectionFunction incorrectly reports the number of arguments	-	-	-	7.0.17	-	#74148	-
Unsetting result set may reset other result set	-	-	-	7.0.14	-	#73530	-
version_compare illegal write access	-	-	-	7.0.14	-	#73645	-
odbc_errormsg returns trash, always 513 bytes	-	-	-	7.0.14	-	#73448	-
Integer Overflow in php_html_entities()	-	-	-	7.0.14	-	#72135	-
parse_str() without a second argument leads to crash	-	-	-	7.0.13	-	#73181	-
session_unset() empties values from all variables in which is $_session stored	-	-	-	7.0.13	-	#73273	-
array_replace_recursive sometimes mutates its parameters	-	-	-	7.0.13	-	#71241	-
parse_url return wrong hostname	-	-	-	7.0.13	-	#73192	-
Integer overflow in imageline() with antialiasing	-	-	-	7.0.13	-	#73213	-
Stack Buffer Overflow in GD dynamicGetbuf	-	-	-	7.0.13	-	#73280	-
Out of bounds global memory read in BF_crypt triggered by password_verify	-	-	-	7.0.12	-	#72703	-
crypt broken when salt is 'too' long	-	-	-	7.0.12	-	#73058	-
Write out of bounds at number_format	-	-	-	7.0.12	-	#73240	-
Use After Free in PHP7 unserialize()	-	-	-	7.0.12	-	#73147	-
mb_substr only takes 32-bit signed integer	-	-	-	7.0.12	-	#66797	-
\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched	-	-	-	7.0.12	-	#67130	-
session_destroy null dereference in ps_files_path_create	-	-	-	7.0.12	-	#73100	-
SplObjectStorage unserialize allows use of non-object as key	-	-	-	7.0.12	-	#73258	-
crash in openssl_random_pseudo_bytes function	-	-	-	7.0.12	-	#73276	-
crash in openssl_encrypt function	-	-	-	7.0.12	-	#73275	-
Negative ftruncate() on php://memory exhausts memory	-	-	-	7.0.11	-	#71882	-
substr_compare NULL length interpreted as 0	-	-	-	7.0.11	-	#55451	-
getimagesize returning FALSE on valid jpg	-	-	-	7.0.11	-	#72278	-
ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5	-	-	-	7.0.11	-	#72764	-
assign_dim on string doesn't reset hval	-	-	-	7.0.11	-	#72943	-
Cannot fetch multiple values with group in ini file	-	-	-	7.0.11	-	#70825	-
Cannot upload file using ftp_put to FTPES with require_ssl_reuse	-	-	-	7.0.11	-	#70195	-
getConstant for a array constant with constant values returns NULL/NFC/UKNOWN	-	-	-	7.0.11	-	#72846	-
FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range	-	-	-	7.0.10	-	#71745	-
microtime() leaks memory	-	-	-	7.0.10	-	#72024	-
curl_setopt segfault with empty CURLOPT_HTTPHEADER	-	-	-	7.0.10	-	#71709	-
Spurious warning when exception is thrown in user defined function	-	-	-	7.0.10	-	#72668	-
array_walk + array_replace_recursive create references from nothing	-	-	-	7.0.10	-	#72622	-
base64_decode $strict fails to detect null byte	-	-	-	7.0.10	-	#72152	-
base64_decode skips a character after padding in strict mode	-	-	-	7.0.10	-	#72263	-
base64_decode $strict fails with whitespace between padding	-	-	-	7.0.10	-	#72264	-
opendir() does not work with ftps:// wrapper	-	-	-	7.0.10	-	#54431	-
opendir() with ftp:// attempts to open data stream for non-existent directories	-	-	-	7.0.10	-	#72667	-
Certification information (CERTINFO) data parsing error	-	-	-	7.0.10	-	#71929	-
imagecreatefromstring() returns 500 Server Error but page is fully rendered	-	-	-	7.0.10	-	#70315	-
broken transparency of imagearc for truecolor in blendingmode	-	-	-	7.0.10	-	#43828	-
CSV fields incorrectly split if escape char followed by UTF chars	-	-	-	7.0.10	-	#72330	-
array_walk + array_replace_recursive create references from nothing	-	-	-	7.0.10	-	#72622	-
array_walk + array_replace_recursive create references from nothing	-	-	-	7.0.10	-	#72622	-
base64_decode $strict fails to detect null byte	-	-	-	7.0.10	-	#72152	-
base64_decode skips a character after padding in strict mode	-	-	-	7.0.10	-	#72263	-
base64_decode $strict fails with whitespace between padding	-	-	-	7.0.10	-	#72264	-
opendir() does not work with ftps:// wrapper	-	-	-	7.0.10	-	#54431	-
readfile() mangles files larger than 2G	-	-	-	7.0.9	-	#72505	-
Heap overflow through proc_open and $env parameter	-	-	-	7.0.9	-	#72306	-
Use After Free in unserialize() with Unexpected Session Deserialization	-	-	-	7.0.9	-	#72562	-
Use After Free Vulnerability in SNMP with GC and unserialize()	-	-	-	7.0.9	-	#72479	-
readfile() mangles files larger than 2G	-	-	-	7.0.9	-	#72505	-
Heap overflow through proc_open and $env parameter	-	-	-	7.0.9	-	#72306	-
ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize	-	-	-	7.0.8	-	#72434	CVE-2016-5773
segfault, past-the-end access	-	-	-	7.0.8	-	#72221	-
Integer Overflow in nl2br()	-	-	-	7.0.8	-	#72268	-
Integer Overflow in addcslashes/addslashes	-	-	-	7.0.8	-	#72400	-
pg_pconnect/pg_connect cause use-after-free	-	-	-	7.0.8	-	#72195	-
pg_lo_create arbitrary read	-	-	-	7.0.8	-	#72197	-
range() with float step produces unexpected result	-	-	-	7.0.8	-	#72017	-
Wrong reference when serialize/unserialize an object	-	-	-	7.0.8	-	#72229	-
ignore_user_abort(false) has no effect	-	-	-	7.0.8	-	#72300	-
xml_parser_create/xml_parser_free leaks mem	-	-	-	7.0.8	-	#72206	-
use-after-free - error_reporting	-	-	-	7.0.7	-	#72162	-
implode() inserts garbage into resulting string when joins very big integer	-	-	-	7.0.7	-	#72100	-
?? is not allowed on constant expressions	-	-	-	7.0.7	-	#72059	-
Including a file with anonymous classes multiple times leads to fatal error	-	-	-	7.0.7	-	#72014	-
pg_query_params(): NULL converts to empty string	-	-	-	7.0.7	-	#72028	-
Cyclic references causing session_start(): Failed to decode session object	-	-	-	7.0.7	-	#71972	-
Referencing socket resources breaks stream_select	-	-	-	7.0.7	-	#72075	-
array_column() against an array of objects discards all values matching null	-	-	-	7.0.7	-	#72031	-
Null pointer dereference - openssl_csr_new	-	-	-	7.0.7	-	#72165	-
Crash on assert(new class{})	-	-	-	7.0.6	-	#71922	-
Segmentation fault on ZTS with gethostbyname	-	-	-	7.0.6	-	#71609	-
Cannot access array keys while uksort()	-	-	-	7.0.6	-	#71334	-
Out of bounds heap read access in exif header processing	-	-	-	7.0.6	-	#72094	CVE-2016-4542, CVE-2016-4543, CVE-2016-4544
Missing constant: IntlChar::NO_NUMERIC_VALUE	-	-	-	7.0.6	-	#70455	-
pg_fetch_object binds parameters before call constructor	-	-	-	7.0.6	-	#71820	-
array_fill optimization breaks implementation	-	-	-	7.0.6	-	#72116	-
Unserialize crushes on restore object reference	-	-	-	7.0.6	-	#71940	-
str_replace returns an incorrect resulting array after a foreach by reference	-	-	-	7.0.6	-	#71969	-
header_register_callback() and register_shutdown_function()	-	-	-	7.0.6	-	#71891	-
Null pointer deref (segfault) in stream_context_get_default	-	-	-	7.0.6	-	#71884	-
Unserialize accepts wrongly data	-	-	-	7.0.6	-	#71840	-
substr_replace bug, string length	-	-	-	7.0.6	-	#71827	-
php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined	-	-	-	7.0.6	-	#67512	-
xml_parse_into_struct segmentation fault	-	-	-	7.0.6	-	#72099	CVE-2016-4539
Segmentation fault on ZTS with date function (setlocale)	-	-	-	7.0.5	-	#71596	-
yield from does not count EOLs	-	-	-	7.0.5	-	#71724	-
Support constant CURLM_ADDED_ALREADY	-	-	-	7.0.5	-	#71694	-
Buffer over-write in finfo_open with malformed magic file	-	-	-	7.0.5	-	#71527	CVE-2015-8865
PharData fails to open specific file	-	-	-	7.0.5	-	#71317	-
array_column behaves incorrectly after foreach by reference	-	-	-	7.0.5	-	#71660	-
forward_static_call crash	-	-	-	7.0.4	-	#71442	-
Variable references on array elements don't work when using count	-	-	-	7.0.4	-	#71529	-
Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes	-	-	-	7.0.4	-	#71637	CVE-2016-4344, CVE-2016-4345, CVE-2016-4346
Built-in HTTP server, we can download file in web by bug	-	-	-	7.0.4	-	#71559	-
finfo throws notice for specific python file	-	-	-	7.0.4	-	#71434	-
compact() maintains references in php7	-	-	-	7.0.4	-	#71603	-
strip_tags improper php code parsing	-	-	-	7.0.4	-	#70720	-
An integer overflow bug in php_implode() could lead heap overflow, make crashes	-	-	-	7.0.4	-	#71449	-
An integer overflow bug in php_str_to_str_ex() led arbitrary code execution.	-	-	-	7.0.4	-	#71450	-
Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec	-	-	-	7.0.4	-	#71523	-
exec functions ignore length but look for NULL termination	-	-	-	7.0.3	-	#71039	-
round() segfault on 64-bit builds	-	-	-	7.0.3	-	#71201	-
Null pointer deref (segfault) in get_defined_vars via ob_start	-	-	-	7.0.3	-	#71221	-
var_export(INF) prints INF.0	-	-	-	7.0.3	-	#71314	-
Wrong is_ref on properties as exposed via get_object_vars()	-	-	-	7.0.3	-	#71336	-
curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile	-	-	-	7.0.3	-	#71225	-
Memory Read via gdImageRotateInterpolated Array Index Out of Bounds	-	-	-	7.0.3	-	#70976	-
openssl_seal() uninitialized memory usage	-	-	-	7.0.3	-	#71475	-
range() segfaults	-	-	-	7.0.3	-	#71197	-
range() segfaults	-	-	-	7.0.3	-	#71132	-
str_replace converts integers in original $search array to strings	-	-	-	7.0.3	-	#71188	-
substr_replace converts integers in original $search array to strings	-	-	-	7.0.3	-	#71190	-
Null pointer deref (segfault) in compact via ob_start	-	-	-	7.0.3	-	#71220	-
file_get_contents() ignores "header" context option if it's a reference	-	-	-	7.0.3	-	#71245	-
file_put_contents() returns unexpected value when filesystem runs full	-	-	-	7.0.3	-	#71264	-
Autoload function registered by another not activated immediately	-	-	-	7.0.3	-	#71202	-
segfault if clean spl_autoload_funcs while autoloading	-	-	-	7.0.3	-	#71204	-
Output of stream_get_meta_data can be falsified by its input	-	-	-	7.0.3	-	#71323	-
Use-after-free vulnerability in SPL(ArrayObject, unserialize)	-	-	-	7.0.3	-	#71311	-
Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)	-	-	-	7.0.3	-	#71313	-
Upgraded bundled PCRE library to 8.38.	-	-	-	7.0.3	-	#	CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394
var_export() exports float as integer	-	-	-	7.0.2	-	#66179	-
filter_input(INPUT_ENV, ..) does not work	-	-	-	7.0.2	-	#71063	-
Heap BufferOver Flow in escapeshell functions	-	-	-	7.0.2	-	#71270	CVE-2016-1904
preg_replace with arrays creates [0] in replace array if not already set	-	-	-	7.0.2	-	#71178	-
Compile fails on system with 160 CPUs	-	-	-	7.0.1	-	#70831	-
Array key references break argument processing	-	-	-	7.0.1	-	#70993	-
ReflectionFunction for array_unique returns wrong number of parameters	-	-	-	7.0.1	-	#70960	-
token_get_all has new irrecoverable errors	-	-	-	7.0.0	-	#69430	-
password_verify reports back error on PHP7 will null string	-	-	-	7.0.0	-	#69686	-
Duplicate array key via undefined index error handler	-	-	-	7.0.0	-	#70662	-
assert() with instanceof adds apostrophes around class name	-	-	-	7.0.0	-	#70528	-
Notice: unserialize(): Unexpected end of serialized data	-	-	-	7.0.0	-	#70187	-
__COMPILER_HALT_OFFSET__ under namespace is not defined	-	-	-	7.0.0	-	#70164	-
Different arrays compare indentical due to integer key truncation	-	-	-	7.0.0	-	#69892	-
unserialize() could lead to unexpected methods execution / NULL pointer deref	-	-	-	7.0.0	-	#70121	-
uninitialised value in strtr with array	-	-	-	7.0.0	-	#69872	-
Broken output of apache_request_headers	-	-	-	7.0.0	-	#69849	-
parse_ini_file() and parse_ini_string() segmentation fault	-	-	-	7.0.0	-	#69551	-
phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"	-	-	-	7.0.0	-	#69781	-
phpinfo() does not report many Windows SKUs	-	-	-	7.0.0	-	#69835	-
Different arrays compare indentical due to integer key truncation	-	-	-	7.0.0	-	#69892	-
Item added to array not being removed by array_pop/shift	-	-	-	7.0.0	-	#69758	-
Segfault when calling phpversion('spl')	-	-	-	7.0.0	-	#67959	-
phpinfo: PHP Variables with $ and single quotes	-	-	-	7.0.0	-	#55467	-
304 responses return Content-Type header	-	-	-	7.0.0	-	#64878	-
HTTP Authorization Header is sometimes passed to newer reqeusts	-	-	-	7.0.0	-	#70279	-
copy 'n paste error	-	-	-	7.0.0	-	#68714	-
Use after free vulnerability in unserialize() with GMP	-	-	-	7.0.0	-	#70284	-
PHP segfaults when accessing nvarchar(max) defined columns	-	-	-	7.0.0	-	#69975	-
openssl extension does not get the DH parameters from DH key resource	-	-	-	7.0.0	-	#55259	-
OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert	-	-	-	7.0.0	-	#69882	-
pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL	-	-	-	7.0.0	-	#60509	-
phpdbg must respect set_exception_handler	-	-	-	7.0.0	-	#70532	-
FASYNC not defined, needs sys/file.h include	-	-	-	7.0.0	-	#70214	-
ArrayObject unserialize does not restore protected fields	-	-	-	7.0.0	-	#70959	-
Use After Free Vulnerability in unserialize() with SPLArrayObject	-	-	-	7.0.0	-	#70166	-
Use After Free Vulnerability in unserialize() with SplObjectStorage	-	-	-	7.0.0	-	#70168	-
Use After Free Vulnerability in unserialize() with SplDoublyLinkedList	-	-	-	7.0.0	-	#70169	-
Unserialize shows UNKNOWN in result	-	-	-	7.0.0	-	#70963	-
extract() breaks variable references	-	-	-	7.0.0	-	#70910	-
array_merge_recursive corrupts memory of unset items	-	-	-	7.0.0	-	#70808	-
strtr() causes invalid writes and a crashes	-	-	-	7.0.0	-	#70667	-
array_keys() doesn't respect references when $strict is true	-	-	-	7.0.0	-	#70668	-
pack('x') produces an error	-	-	-	7.0.0	-	#70487	-
changing configuration with ignore_user_abort(true) isn't working	-	-	-	7.0.0	-	#70342	-
setcookie() conditional for empty values not met	-	-	-	7.0.0	-	#67131	-
Use-after-free vulnerability in unserialize() with SplObjectStorage	-	-	-	7.0.0	-	#70365	-
Use-after-free vulnerability in unserialize() with SplDoublyLinkedList	-	-	-	7.0.0	-	#70366	-
extract() turns array elements to references	-	-	-	7.0.0	-	#70250	-
Assert breaking access on objects	-	-	-	7.0.0	-	#70208	-
str_ireplace/php_string_tolower - Arbitrary Code Execution	-	-	-	7.0.0	-	#70140	-
Allow "dirname" to go up various times	-	-	-	7.0.0	-	#70112	-
scandir duplicates file name at every 65535th file	-	-	-	7.0.0	-	#36365	-
exec does not strip all whitespace	-	-	-	7.0.0	-	#70018	-
Passing parameters by reference and array_column	-	-	-	7.0.0	-	#69723	-
Regression in array_filter's $flag argument in PHP 7	-	-	-	7.0.0	-	#69299	-
flock() out parameter not set correctly in windows	-	-	-	7.0.0	-	#65272	-
Regression in session_regenerate_id()	-	-	-	7.0.0	-	#67694	-
Reference to $_SESSION is lost after a call to session_regenerate_id()	-	-	-	7.0.0	-	#70013	-
Missing ARG_INFO for openssl_seal()	-	-	-	7.0.0	-	#70395	-
openssl_seal fails with AES	-	-	-	7.0.0	-	#60632	-
Add IV parameter for openssl_seal and openssl_open	-	-	-	7.0.0	-	#70438	-
openssl_random_pseudo_bytes() is not cryptographically secure	-	-	-	7.0.0	-	#70014	CVE-2015-8867