CVE-2015-4605
Published: 18 June 2015
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
Notes
Author | Note |
---|---|
sbeattie | unable to reproduce file crash on precise, trusty, or vivid |
mdeslaur | same fix as CVE-2015-4604 |
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
php5 | upstream | Released (5.6.9+dfsg-1) |
php5 | precise | Not vulnerable (5.3.10-1ubuntu3.18) |
php5 | trusty | Not vulnerable (5.5.9+dfsg-1ubuntu4.9) |
php5 | utopic | Not vulnerable (5.5.12+dfsg-2ubuntu4.4) |
php5 | vivid | Released (5.6.4+dfsg-4ubuntu6.2) |
file | upstream | Needs triage |
file | precise | Not vulnerable |
file | trusty | Not vulnerable |
file | utopic | Not vulnerable |
file | vivid | Not vulnerable |