Top reports from PHP (IBB) program at HackerOne:
- In correct casting from size_t to int lead to heap overflow in mcrypt_generic to PHP (IBB) - 81 upvotes, $1000
- Heap Buffer Overflow (READ: 4) in phar_parse_pharfile to PHP (IBB) - 72 upvotes, $1500
- GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] to PHP (IBB) - 64 upvotes, $1500
- Type Confusion Vulnerability - SOAP / make_http_soap_request() to PHP (IBB) - 64 upvotes, $1000
- Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow to PHP (IBB) - 58 upvotes, $1500
- Inappropriate URL parsing may cause security risk! to PHP (IBB) - 52 upvotes, $1000
- Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412) to PHP (IBB) - 50 upvotes, $1000
- DOS in stream filters to PHP (IBB) - 44 upvotes, $1500
- Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c to PHP (IBB) - 42 upvotes, $500
- mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065) to PHP (IBB) - 40 upvotes, $1500
- CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm to PHP (IBB) - 36 upvotes, $1500
- PHP mbstring / Oniguruma multiple remote heap/stack corruptions to PHP (IBB) - 35 upvotes, $1500
- select_colors write out-of-bounds to PHP (IBB) - 23 upvotes, $1000
- Out of Bounds Memory Read in exif_scan_thumbnail to PHP (IBB) - 20 upvotes, $1500
- efree() on uninitialized Heap data in imagescale leads to use-after-free to PHP (IBB) - 16 upvotes, $1500
- PHP Session Data Injection Vulnerability to PHP (IBB) - 16 upvotes, $1000
- php curl ext size_t overflow lead to heap corruption to PHP (IBB) - 14 upvotes, $1000
- Use-After-Free / Double-Free in WDDX Deserialize to PHP (IBB) - 14 upvotes, $500
- wddx_deserialize use-after-free to PHP (IBB) - 14 upvotes, $500
- null pointer dereference in imap_mail to PHP (IBB) - 13 upvotes, $1500
- heap-buffer-overflow (READ of size 48) in exif_read_data() to PHP (IBB) - 13 upvotes, $500
- CVE-2018-12882: heap-use-after-free in PHP 7.2 through 7.2.6, possible 7.2.7 to PHP (IBB) - 13 upvotes, $500
- php mcrypt ext - In correct casting from size_t to int lead to heap overflow in mdecrypt_generic to PHP (IBB) - 12 upvotes, $1000
- Memory corruption when parsing a hostile PHAR archive to PHP (IBB) - 12 upvotes, $500
- PHP openssl_x509_parse() Memory Corruption Vulnerability to PHP (IBB) - 11 upvotes, $4000
- Use After Free Vulnerability in PHP's GC algorithm and unserialize to PHP (IBB) - 11 upvotes, $1000
- ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize to PHP (IBB) - 11 upvotes, $1000
- Heap Buffer Overflow (READ: 1786) in exif_iif_add_value to PHP (IBB) - 11 upvotes, $500
- Heap Use After Free Read in unserialize() to PHP (IBB) - 11 upvotes, $500
- Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS to PHP (IBB) - 10 upvotes, $500
- Out of Bounds Memory Read in php_jpg_get16 to PHP (IBB) - 8 upvotes, $1500
- Use after free and out of bounds read in xmlrpc_decode() to PHP (IBB) - 8 upvotes, $1500
- heap buffer overflow in phar_detect_phar_fname_ext to PHP (IBB) - 7 upvotes, $1500
- Use After Free Vulnerability in SNMP with GC and unserialize() to PHP (IBB) - 7 upvotes, $1000
- Heap Use After Free in unserialize() to PHP (IBB) - 7 upvotes, $500
- Out of Bounds Memory Read in unserialize() to PHP (IBB) - 7 upvotes, $500
- Out-of-Bound Read in phar_parse_zipfile() to PHP (IBB) - 7 upvotes, $500
- Illegal write/read access caused by gdImageAALine overflow to PHP (IBB) - 7 upvotes, $500
- memory corruption in wordwrap function to PHP (IBB) - 7 upvotes, $500
- integer overflow in imap_binary caused heap corruption to PHP (IBB) - 7 upvotes, $500
- heap overflow in substr_replace to PHP (IBB) - 7 upvotes, $500
- Invalid Read on exif_process_SOFn to PHP (IBB) - 6 upvotes, $1500
- Out of bound read in exif_process_IFD_in_MAKERNOTE to PHP (IBB) - 6 upvotes, $1000
- Out of bounds memory read in unserialize() to PHP (IBB) - 6 upvotes, $500
- linkinfo - openbasedir bypass on Windows PHP to PHP (IBB) - 6 upvotes, $500
- Integer Overflow in php_html_entities() to PHP (IBB) - 6 upvotes, $500
- Integer Overflow in Length of String-typed ZVAL to PHP (IBB) - 6 upvotes, $500
- Use-after-free in PHP7's unserialize() to PHP (IBB) - 6 upvotes, $500
- Inappropriately parsing HTTP response leads to PHP segment fault! to PHP (IBB) - 6 upvotes, $500
- Potential infinite loop in gdImageCreateFromGifCtx! to PHP (IBB) - 6 upvotes, $500
- integer overflow in fgetcsv caused heap corruption to PHP (IBB) - 6 upvotes, $500
- PHP Heap Overflow Vulnerability in imagecrop() to PHP (IBB) - 5 upvotes, $1500
- Type Confusion in WDDX Packet Deserialization to PHP (IBB) - 5 upvotes, $1000
- Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF to PHP (IBB) - 5 upvotes, $1000
- Integer Overflow in addcslashes()/addslashes() to PHP (IBB) - 5 upvotes, $500
- Integer Overflow/Heap Overflow in json_encode()/json_decode() to PHP (IBB) - 5 upvotes, $500
- Use After Free Vulnerability in array_walk()/array_walk_recursive() to PHP (IBB) - 5 upvotes, $500
- pass2_no_dither out-of-bounds access to PHP (IBB) - 5 upvotes, $500
- integer overflow in curl_escape caused heap corruption to PHP (IBB) - 5 upvotes, $500
- integer overflow in pg_escape_bytea caused heap corruption to PHP (IBB) - 5 upvotes, $500
- integer overflow in pg_escape_string caused heap corruption to PHP (IBB) - 5 upvotes, $500
- integer overflow in php_uuencode caused heap corruption to PHP (IBB) - 5 upvotes, $500
- Integer overflow lead to heap corruption in sql_regcase to PHP (IBB) - 5 upvotes, $500
- integer overflow in bzdecompress caused heap corruption to PHP (IBB) - 5 upvotes, $500
- imagecolormatch Out Of Bounds Write on Heap to PHP (IBB) - 4 upvotes, $1500
- Use After Free in unserialize() with Unexpected Session Deserialization to PHP (IBB) - 4 upvotes, $1000
- Create an Unexpected Object and Don't Invoke __wakeup() in During Deserialization to PHP (IBB) - 4 upvotes, $1000
- Use After Free in PHP7 unserialize() to PHP (IBB) - 4 upvotes, $1000
- Use-after-free in unserialize() to PHP (IBB) - 4 upvotes, $1000
- Type Confusion Vulnerability in SoapClient to PHP (IBB) - 4 upvotes, $500
- Invalid parameter in memcpy function trough openssl_pbkdf2 to PHP (IBB) - 4 upvotes, $500
- Heap overflow caused by type confusion vulnerability in merge_param() to PHP (IBB) - 4 upvotes, $500
- Use after free with assign by ref to overloaded objects to PHP (IBB) - 4 upvotes, $500
- Integer Overflow in php_raw_url_encode to PHP (IBB) - 4 upvotes, $500
- Multiple Heap Overflows in php_raw_url_encode/php_url_encode to PHP (IBB) - 4 upvotes, $500
- Integer Overflow in SplFileObject::fread to PHP (IBB) - 4 upvotes, $500
- Integer Overflow in nl2br() to PHP (IBB) - 4 upvotes, $500
- Use After Free/Double Free in Garbage Collection to PHP (IBB) - 4 upvotes, $500
- Use After Free Vulnerability in unserialize() to PHP (IBB) - 4 upvotes, $500
- Memory Corruption in During Deserialized-object Destruction to PHP (IBB) - 4 upvotes, $500
- NULL Pointer Dereference in WDDX Packet Deserialization with PDORow to PHP (IBB) - 4 upvotes, $500
- Use-after-free in ArrayObject Deserialization to PHP (IBB) - 4 upvotes, $500
- Use After Free in unserialize() to PHP (IBB) - 4 upvotes, $500
- Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization to PHP (IBB) - 4 upvotes, $500
- memory allocator fails to realloc small block to large one to PHP (IBB) - 4 upvotes, $500
- integer overflow in fgets cause heap corruption to PHP (IBB) - 4 upvotes, $500
- integer overflow in str_pad caused heap corruption to PHP (IBB) - 4 upvotes, $500
- integer overflow in php_ldap_do_escape caused heap corruption to PHP (IBB) - 4 upvotes, $500
- integer overflow in urlencode caused heap corruption to PHP (IBB) - 4 upvotes, $500
- integer overflow in quoted_printable_encode caused heap corruption to PHP (IBB) - 4 upvotes, $500
- integer overflow in base64_decode caused heap corruption to PHP (IBB) - 4 upvotes, $500
- CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element to PHP (IBB) - 4 upvotes, $500
- Long filenames cause OOM and temp files are not cleaned to PHP (IBB) - 4 upvotes, $500
- Use after free vulnerability in unserialize() with DateTimeZone to PHP (IBB) - 3 upvotes, $2500
- Integer overflow in ZipArchive::getFrom* to PHP (IBB) - 3 upvotes, $1500
- Buffer overflow in HTTP url parsing functions to PHP (IBB) - 3 upvotes, $1000
- Buffer overflow in HTTP parse_hostinfo(), parse_userinfo() and parse_scheme() to PHP (IBB) - 3 upvotes, $1000
- SEH buffer overflow msgfmt_format_message to PHP (IBB) - 3 upvotes, $1000
- Uninitialized pointer in phar_make_dirstream() to PHP (IBB) - 3 upvotes, $1000
- Heap corruption in tar/zip/phar parser to PHP (IBB) - 3 upvotes, $1000
- Use after free vulnerability in unserialize() with GMP to PHP (IBB) - 3 upvotes, $500
- Use of uninitialized memory in unserialize() to PHP (IBB) - 3 upvotes, $500
- Crash (DoS) when parsing a hostile TIFF to PHP (IBB) - 3 upvotes, $500
- Type Confusion in Object Deserialization to PHP (IBB) - 3 upvotes, $500
- crash in locale_compose() function to PHP (IBB) - 3 upvotes, $500
- integer overflow in preg_quote caused heap corruption to PHP (IBB) - 3 upvotes, $500
- PHP Integer Overflow in gdImageWebpCtx to PHP (IBB) - 3 upvotes, $500
- Null Pointer Dereference in phar_create_or_parse_filename to PHP (IBB) - 3 upvotes, $0
- Use After Free Vulnerability in unserialize() to PHP (IBB) - 2 upvotes, $1500
- Use after free vulnerability in unserialize() with DateInterval to PHP (IBB) - 2 upvotes, $1500
- Multiple Use After Free Vulnerabilites in unserialize() to PHP (IBB) - 2 upvotes, $1500
- Heap overflow in utf32be_mbc_to_code to PHP (IBB) - 2 upvotes, $1500
- Out of Bounds Memory Read in exif_process_user_comment to PHP (IBB) - 2 upvotes, $1500
- Use After Free Vulnerability in unserialize() with SplDoublyLinkedList to PHP (IBB) - 2 upvotes, $1000
- Use After Free Vulnerability in unserialize() with SplObjectStorage to PHP (IBB) - 2 upvotes, $1000
- Use After Free Vulnerability in unserialize() to PHP (IBB) - 2 upvotes, $1000
- php_snmp_error() Format String Vulnerability to PHP (IBB) - 2 upvotes, $1000
- imagegammacorrect allows arbitrary write access to PHP (IBB) - 2 upvotes, $1000
- Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128) to PHP (IBB) - 2 upvotes, $1000
- Stack-based buffer overflow vulnerability in virtual_file_ex to PHP (IBB) - 2 upvotes, $1000
- Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER to PHP (IBB) - 2 upvotes, $500
- php_stream_url_wrap_http_ex() type-confusion vulnerability to PHP (IBB) - 2 upvotes, $500
- Use After Free Vulnerability in session deserializer to PHP (IBB) - 2 upvotes, $500
- zend_throw_or_error() format string vulnerability to PHP (IBB) - 2 upvotes, $500
- NULL Pointer Dereference in exif_process_user_comment to PHP (IBB) - 2 upvotes, $500
- imagefilltoborder stackoverflow on truecolor images to PHP (IBB) - 2 upvotes, $500
- Write out-of-bounds at number_format to PHP (IBB) - 2 upvotes, $500
- memcpy negative parameter _bc_new_num_ex to PHP (IBB) - 2 upvotes, $500
- Use After Free Vulnerability in WDDX Packet Deserialization to PHP (IBB) - 2 upvotes, $500
- Type Confusion Vulnerability in PHP_to_XMLRPC_worker() to PHP (IBB) - 2 upvotes, $500
- Session WDDX Packet Deserialization Type Confusion Vulnerability to PHP (IBB) - 2 upvotes, $500
- Out-of-bounds reads in zif_grapheme_stripos with negative offset to PHP (IBB) - 2 upvotes, $500
- imagecropauto out-of-bounds access to PHP (IBB) - 2 upvotes, $500
- wddx_deserialize null dereference in php_wddx_pop_element to PHP (IBB) - 2 upvotes, $500
- wddx_deserialize null dereference with invalid xml to PHP (IBB) - 2 upvotes, $500
- PHP INI Parsing Stack Buffer Overflow Vulnerability to PHP (IBB) - 2 upvotes, $500
- Out-Of-Bounds Read in timelib_meridian() to PHP (IBB) - 2 upvotes, $500
- PHP WDDX Deserialization Heap OOB Read in timelib_meridian() to PHP (IBB) - 2 upvotes, $500
- PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy) to PHP (IBB) - 2 upvotes, $500
- Integer overflow in wordwrap to PHP (IBB) - 2 upvotes, $500
- Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes to PHP (IBB) - 2 upvotes, $500
- imap_rfc822_parse_headers GS Violation to PHP (IBB) - 2 upvotes, $500
- wddx_deserialize allows illegal memory access to PHP (IBB) - 2 upvotes, $500
- crash in gzcompress and 3 other compress functions to PHP (IBB) - 2 upvotes, $500
- ldap_escape could produce string larger than 2Gb to PHP (IBB) - 2 upvotes, $500
- integer overflow in recode_string caused heap corruption to PHP (IBB) - 2 upvotes, $500
- heap-buffer-overflow (write) simplestring_addn simplestring.c to PHP (IBB) - 2 upvotes, $500
- Trivial age-old heap overflow in 32-bit PHP to PHP (IBB) - 2 upvotes, $500
- Heap BufferOver Flow in escapeshellargs and escapeshellcmd functions to PHP (IBB) - 2 upvotes, $500
- Arbitary Memory Read via gdImageRotateInterpolated Array Index Out of Bounds to PHP (IBB) - 2 upvotes, $500
- PHP 7.3.3: Heap-use-after-free (READ of size 8) in match_at() to PHP (IBB) - 2 upvotes, $500
- Out-of-Bound Read in urldecode() [CVE-2020-7067] to PHP (IBB) - 2 upvotes, $500
- buffer overread in base64 code of the xmlrpc module to PHP (IBB) - 2 upvotes, $500
- OOB read in php_strip_tags_ex to PHP (IBB) - 2 upvotes, $500
- Null pointer deref (segfault) in stream_context_get_default to PHP (IBB) - 2 upvotes, $0
- 3 heap corruptions in PHP to PHP (IBB) - 1 upvotes, $1500
- Stack Buffer Overflow in GD dynamicGetbuf to PHP (IBB) - 1 upvotes, $1500
- Inadequate error handling in bzread() to PHP (IBB) - 1 upvotes, $1500
- phar_tar_writeheaders_int() buffer overflow to PHP (IBB) - 1 upvotes, $1500
- Buffer over-write in finfo_open with malformed magic file. to PHP (IBB) - 1 upvotes, $1500
- Null Pointer Dereference in PHP Session Upload Progress to PHP (IBB) - 1 upvotes, $1500
- Negative size parameter in mb_split to PHP (IBB) - 1 upvotes, $1500
- Negative size parameter (-1) in memcpy mbfl_strcut to PHP (IBB) - 1 upvotes, $1000
- Stack-based buffer overflow vulnerability in php_stream_zip_opener to PHP (IBB) - 1 upvotes, $1000
- Heap Overflow Due To Integer Overflow to PHP (IBB) - 1 upvotes, $1000
- Invalid free in phar_extract_file() to PHP (IBB) - 1 upvotes, $1000
- Use-after-free vulnerability in SPL(SplObjectStorage, unserialize) to PHP (IBB) - 1 upvotes, $1000
- Use-after-free vulnerability in SPL(ArrayObject, unserialize) to PHP (IBB) - 1 upvotes, $1000
- openssl_seal() uninitialized memory usage to PHP (IBB) - 1 upvotes, $1000
- out of bounds read crashes php-cgi to PHP (IBB) - 1 upvotes, $500
- memcpy negative size parameter in php_resolve_path to PHP (IBB) - 1 upvotes, $500
- potential remote code execution with phar archive to PHP (IBB) - 1 upvotes, $500
- xml_parse_into_struct segmentation fault to PHP (IBB) - 1 upvotes, $500
- stack-buffer-overflow through "ResourceBundle" methods to PHP (IBB) - 1 upvotes, $500
- bcpowmod accepts negative scale and corrupts one definition to PHP (IBB) - 1 upvotes, $500
- get_icu_value_internal out-of-bounds read to PHP (IBB) - 1 upvotes, $500
- locale_accept_from_http out-of-bounds access to PHP (IBB) - 1 upvotes, $500
- Illegal write access through Locale methods to PHP (IBB) - 1 upvotes, $500
- CVE-2015-8874 Stack overflow with imagefilltoborder to PHP (IBB) - 1 upvotes, $500
- imagegif/output out-of-bounds access to PHP (IBB) - 1 upvotes, $500
- Integer underflow / arbitrary null write in fread/gzread to PHP (IBB) - 1 upvotes, $500
- Null pointer deref with ob_start with get_defined_vars to PHP (IBB) - 1 upvotes, $500
- Null pointer deref with ob_start with compact to PHP (IBB) - 1 upvotes, $500
- memory corruption while parsing HTTP response to PHP (IBB) - 1 upvotes, $500
- imagescale out-of-bounds read to PHP (IBB) - 1 upvotes, $500
- gdImageTrueColorToPaletteBody allows arbitrary write/read access to PHP (IBB) - 1 upvotes, $500
- wddx_deserialize null dereference to PHP (IBB) - 1 upvotes, $500
- NULL Pointer Dereference while unserialize php object to PHP (IBB) - 1 upvotes, $500
- Invalid read when wddx decodes empty boolean element to PHP (IBB) - 1 upvotes, $500
- NULL pointer dereference in SimpleXMLElement::asXML() to PHP (IBB) - 1 upvotes, $500
- crash in openssl_random_pseudo_bytes function to PHP (IBB) - 1 upvotes, $500
- missing NULL check in dom_document_save_html to PHP (IBB) - 1 upvotes, $500
- heap overflow in php_ereg_replace function to PHP (IBB) - 1 upvotes, $500
- crash in implode() function to PHP (IBB) - 1 upvotes, $500
- iconv() function missing string length check to PHP (IBB) - 1 upvotes, $500
- crash in bzcompress function to PHP (IBB) - 1 upvotes, $500
- crash in get_icu_value_internal function to PHP (IBB) - 1 upvotes, $500
- crash in locale_get_keywords() when keyword value in locale string too long to PHP (IBB) - 1 upvotes, $500
- another crash in locale_get_keywords function to PHP (IBB) - 1 upvotes, $500
- CachingIterator null dereference when convert to string to PHP (IBB) - 1 upvotes, $500
- Memory corruption in _php_math_number_format_ex() to PHP (IBB) - 1 upvotes, $500
- Heap overflow due to integer overflow in bzdecompress() function to PHP (IBB) - 1 upvotes, $500
- Memory corruption due to missing check size in _php_math_number_format_ex() to PHP (IBB) - 1 upvotes, $500
- Heap overflow due to integer overflow in pg_escape_string() function to PHP (IBB) - 1 upvotes, $500
- Heap overflow due to integer overflow in php_escape_html_entities_ex() function to PHP (IBB) - 1 upvotes, $500
- Invalid memory access in zend_strtod() function to PHP (IBB) - 1 upvotes, $500
- crash in simplestring_addn function to PHP (IBB) - 1 upvotes, $500
- Invalid memory access in spl_filesystem_dir_open function to PHP (IBB) - 1 upvotes, $500
- Invalid memory access in php_basename function to PHP (IBB) - 1 upvotes, $500
- Invalid memory access in spl_filesystem_info_set_filename function to PHP (IBB) - 1 upvotes, $500
- malloc negative size parameter to PHP (IBB) - 1 upvotes, $500
- php_snmp_parse_oid integer overflow in memory allocation to PHP (IBB) - 1 upvotes, $500
- gzuncompress does NOT check output string size which leads to an overflow to PHP (IBB) - 1 upvotes, $500
- gzdecode does NOT check output string size which leads to an overflow to PHP (IBB) - 1 upvotes, $500
- Missing type check when unserializing SplArray to PHP (IBB) - 1 upvotes, $500
- integer overflow in xml_utf8_encode to PHP (IBB) - 1 upvotes, $500
- Heap overflow in curl_escape to PHP (IBB) - 1 upvotes, $500
- Out of bound when verify signature of tar phar in phar_parse_tarfile to PHP (IBB) - 1 upvotes, $500
- Out of bound when verify signature of zip phar in phar_parse_zipfile to PHP (IBB) - 1 upvotes, $500
- Heap Overflow due to integer overflows to PHP (IBB) - 1 upvotes, $500
- Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow to PHP (IBB) - 1 upvotes, $500
- NULL Pointer Dereference at _gdScaleVert to PHP (IBB) - 1 upvotes, $500
- Integer Overflow in _gd2GetHeader() resulting in heap overflow to PHP (IBB) - 1 upvotes, $500
- Double Free Corruption in wddx.c (extension) to PHP (IBB) - 1 upvotes, $500
- _php_mb_regex_ereg_replace_exec - double free to PHP (IBB) - 1 upvotes, $500
- Multiple vulnerabilities related to PCRE functions (already fixed) to PHP (IBB) - 1 upvotes, $500
- An integer overflow bug in php_str_to_str_ex() led arbitrary code execution. to PHP (IBB) - 1 upvotes, $500
- PHP-FPM fpm_log.c memory leak and buffer overflow to PHP (IBB) - 1 upvotes, $500
- An integer overflow bug in php_implode() could lead heap overflow, make PHP to crash to PHP (IBB) - 1 upvotes, $500
- Uninitialized read in gdImageCreateFromXbm to PHP (IBB) - 1 upvotes, $500
- DirectoryIterator class silently truncates after a null byte to PHP (IBB) - 1 upvotes, $500
- Out-of-bounds Read in php_strip_tags_ex to PHP (IBB) - 1 upvotes, $500
- PHP link() silently truncates after a null byte on Windows to PHP (IBB) - 1 upvotes, $500
- Use after free vulnerability in unserialize() to PHP (IBB) - 0 upvotes, $3000
- SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities to PHP (IBB) - 0 upvotes, $2500
- Locale::parseLocale Double Free to PHP (IBB) - 0 upvotes, $2500
- Free called on unitialized pointer in exif.c to PHP (IBB) - 0 upvotes, $2500
- SoapClient's __call() type confusion through unserialize() to PHP (IBB) - 0 upvotes, $2500
- ZIP Integer Overflow leads to writing past heap boundary to PHP (IBB) - 0 upvotes, $1500
- Integer overflow in ftp_genlist() resulting in heap overflow to PHP (IBB) - 0 upvotes, $1500
- PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free to PHP (IBB) - 0 upvotes, $1500
- SOAP serialize_function_call() type confusion / RCE to PHP (IBB) - 0 upvotes, $1500
- Uninitialized read in exif_process_IFD_in_MAKERNOTE to PHP (IBB) - 0 upvotes, $1500
- Uninitialized read in exif_process_IFD_in_TIFF to PHP (IBB) - 0 upvotes, $1500
- Buffer Over flow when parsing tar/zip/phar in phar_set_inode to PHP (IBB) - 0 upvotes, $1000
- Buffer Over-read in unserialize when parsing Phar to PHP (IBB) - 0 upvotes, $1000
- Buffer over-read in exif_read_data with TIFF IFD tag to PHP (IBB) - 0 upvotes, $1000
- Uninitialized pointer in phar_make_dirstream to PHP (IBB) - 0 upvotes, $1000
- Dangling pointer in the unserialization of ArrayObject items to PHP (IBB) - 0 upvotes, $1000
- Arbitrary code execution in str_ireplace function to PHP (IBB) - 0 upvotes, $1000
- Format string vulnerability in zend_throw_or_error() to PHP (IBB) - 0 upvotes, $1000
- Use After Free in sortWithSortKeys() to PHP (IBB) - 0 upvotes, $1000
- str_repeat() sign mismatch based memory corruption to PHP (IBB) - 0 upvotes, $500
- PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization to PHP (IBB) - 0 upvotes, $500
- Null pointer dereference in phar_get_fp_offset() to PHP (IBB) - 0 upvotes, $500
- Mem out-of-bounds write (segfault) in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER to PHP (IBB) - 0 upvotes, $500
- null pointer deref (segfault) in zend_eval_const_expr to PHP (IBB) - 0 upvotes, $500
- Null pointer deref (segfault) in spl_autoload via ob_start to PHP (IBB) - 0 upvotes, $500
- AddressSanitizer reports a global buffer overflow in mkgmtime() function to PHP (IBB) - 0 upvotes, $500
- Integer overflow in unserialize() (32-bits only) to PHP (IBB) - 0 upvotes, $500
- heap buffer overflow in enchant_broker_request_dict() to PHP (IBB) - 0 upvotes, $500
- curl_setopt_array() type confusion to PHP (IBB) - 0 upvotes, $500
- Files extracted from archive may be placed outside of destination directory to PHP (IBB) - 0 upvotes, $500
- invalid pointer free() in phar_tar_process_metadata() to PHP (IBB) - 0 upvotes, $500
- Memory Corruption in phar_parse_tarfile when entry filename starts with null to PHP (IBB) - 0 upvotes, $500
- Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow) to PHP (IBB) - 0 upvotes, $500
- Stack overflow when decompressing tar archives to PHP (IBB) - 0 upvotes, $500
- Use After Free in GC with Certain Destructors to PHP (IBB) - 0 upvotes, $500
- Use after free vulnerability in phar_parse_zipfile to PHP (IBB) - 0 upvotes, $500
- PHP builded for Windows with TS support does not resolve relalative paths with drive letter correctly to PHP (IBB) - 0 upvotes, $500