CVE-2015-4604
Published: 17 June 2015
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
Notes
| Author | Note |
|---|---|
| mdeslaur | introduced by http://git.php.net/?p=php-src.git;a=commit;h=eeaec70 can't reproduce with file |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
file Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Not vulnerable
|
|
| xenial |
Not vulnerable
|
|
|
php5 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(5.3.10-1ubuntu3.18)
|
| trusty |
Not vulnerable
(5.5.9+dfsg-1ubuntu4.9)
|
|
| upstream |
Released
(5.6.9+dfsg-1)
|
|
| utopic |
Not vulnerable
(5.5.12+dfsg-2ubuntu4.4)
|
|
| vivid |
Released
(5.6.4+dfsg-4ubuntu6.2)
|
|
| wily |
Released
(5.6.9+dfsg-1ubuntu1)
|
|
| xenial |
Does not exist
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd (5.4-5.6) |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |