CVE-2015-4605

high

Description

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

References

http://git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2015-1135.html

http://rhn.redhat.com/errata/RHSA-2015-1186.html

http://rhn.redhat.com/errata/RHSA-2015-1187.html

http://www.openwall.com/lists/oss-security/2015/06/16/12

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/75233

http://www.securitytracker.com/id/1032709

https://bugs.php.net/bug.php?id=68819

Details

Source: MITRE

Published: 2016-05-16

Updated: 2019-04-22

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH