Hypertext Preprocessor (PHP) development team has released a new version of PHP in order to fix several vulnerabilities.The vulnerabilities was know "CVE-2014-3669" which can cause integer overflow when parsing specially crafted serialised data with unserialize ().
Development team also fixed errors associated with null bytes in the library cURL,calling the damages dynamic memory during processing of the modified data as a function of exif_thumbnail () in image processing,bug refer as (CVE-2014-3670),as well as buffer overflow in the function mkgtime () from module XMLRPC which refer as (CVE-2014-3668).
Vulnerabilities mention above was discovered by the Researchlab of IT security Company High-Tech Bridge.
For more info refer PHP website.
Also read Facebook Double Advertising Bug Bounty.
Post a Comment