PRIOn knowledge basePRION:CVE-2015-4604

HistoryMay 16, 2016 - 10:59 a.m.

Code injection

2016-05-1610:59:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.087 Low

EPSS

Percentile

94.5%

JSON

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a “Python script text executable” rule.

CPENameOperatorVersion
phpeq5.6.1
phpeq5.6.5
phple5.4.39
phpeq5.5.19
phpeq5.5.0
phpeq5.5.16
phpeq5.6.0
phpeq5.5.1
phpeq5.5.5
phpeq5.6.4

Name	Operator	Version
php	eq	5.6.1
php	eq	5.6.5
php	le	5.4.39
php	eq	5.5.19
php	eq	5.5.0
php	eq	5.5.16
php	eq	5.6.0
php	eq	5.5.1
php	eq	5.5.5
php	eq	5.6.4

Rows per page:

1-10 of 411

References

git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1186.html

rhn.redhat.com/errata/RHSA-2015-1187.html

www.openwall.com/lists/oss-security/2015/06/16/12

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/75241

www.securitytracker.com/id/1032709

bugs.php.net/bug.php?id=68819

Code injection

References

Related