SecurityCenter is potentially impacted by several vulnerabilities in PHP that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of the issue, Tenable has opted to patch the included version of PHP as a precaution, and to save time instead. PHP ext/intl/grapheme/grapheme_string.c zif_grapheme_stripos Negative Offset Handling Out-of-bounds Read issue PHP ext/xml/xml.c xml_parse_into_struct() Function XML Handling Remote DoS PHP ext/exif/exif.c exif_read_data() Function Exif Header Handling Remote Out-of-bounds Read Issue PHP ext/bcmath/bcmath.c php_str2num() Function Negative Scale Handling Remote Out-of-bounds Read Issue GD Graphics Library (libgd) gd_gd2.c Compressed GD2 Data Handling Signedness Error Heap Buffer Overflow Note: The CVSSv2 score used in this advisory reflects the GD Graphics Library issue, as it is considered the highest risk. Further, Tenable strongly recommends that Nessus be installed on a subnet that is not Internet addressable.