| Package | php5 |
|---|---|
| Version | 5.4.45-0+deb7u15 |
| Related CVEs | CVE-2018-14851 CVE-2018-14883 |
Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read.
For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u15.
We recommend that you upgrade your php5 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.