CVE-2015-8865

Published: 31 December 2015

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Priority: Low

CVSS 3 base score: 7.3

Status

Package Release Status
file
artful Not vulnerable
bionic Not vulnerable
precise Released (5.09-2ubuntu0.7)
trusty Released (1:5.14-2ubuntu3.4)
upstream Released (1:5.24-1)
wily Ignored (reached end-of-life)
xenial Not vulnerable (1:5.25-2ubuntu1)
yakkety Not vulnerable
zesty Not vulnerable

php5
artful Does not exist
bionic Does not exist
precise Released (5.3.10-1ubuntu3.22)
trusty Released (5.5.9+dfsg-1ubuntu4.16)
upstream Released (5.6.20+dfsg-1)
wily Released (5.6.11+dfsg-1ubuntu3.2)
xenial Does not exist
yakkety Does not exist
zesty Does not exist

php7.0
artful Does not exist
bionic Does not exist
precise Does not exist
trusty Does not exist
upstream Released (7.0.5-1)
wily Does not exist
xenial Released (7.0.4-7ubuntu2.1)
yakkety Not vulnerable (7.0.8-3ubuntu1)
zesty Not vulnerable (7.0.8-3ubuntu1)