CVE-2015-8874MEDIUM
Description
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
References
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3587
http://www.ubuntu.com/usn/USN-2987-1
https://bugs.php.net/bug.php?id=66387
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Details
Source: MITRE
Published: 2016-05-16
Updated: 2018-10-30
Type: CWE-119
Risk Information
CVSS v2.0
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.6.11 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 137966 | EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747) | Nessus | Huawei Local Security Checks | critical |
| 132184 | EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649) | Nessus | Huawei Local Security Checks | critical |
| 131592 | EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438) | Nessus | Huawei Local Security Checks | critical |
| 129178 | EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984) | Nessus | Huawei Local Security Checks | high |
| 128894 | EulerOS 2.0 SP2 : gd (EulerOS-SA-2019-1842) | Nessus | Huawei Local Security Checks | medium |
| 122536 | PHP 7.0.x < 7.0.0 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
| 98804 | PHP 5.6.x < 5.6.12 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
| 119978 | SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1) | Nessus | SuSE Local Security Checks | high |
| 93161 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | critical |
| 92663 | Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy) | Nessus | Amazon Linux Local Security Checks | high |
| 92392 | Fedora 23 : gd (2016-d126bb1b74) | Nessus | Fedora Local Security Checks | medium |
| 92275 | Fedora 24 : gd (2016-a4d48d6fd6) | Nessus | Fedora Local Security Checks | medium |
| 91897 | PHP 5.5.x < 5.5.37 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 91839 | FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5) | Nessus | FreeBSD Local Security Checks | high |
| 91665 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1) | Nessus | SuSE Local Security Checks | critical |
| 91585 | openSUSE Security Update : php5 (openSUSE-2016-703) | Nessus | SuSE Local Security Checks | high |
| 91531 | openSUSE Security Update : php5 (openSUSE-2016-696) | Nessus | SuSE Local Security Checks | high |
| 91423 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-2987-1) | Nessus | Ubuntu Local Security Checks | high |
| 91364 | Debian DSA-3587-1 : libgd2 - security update | Nessus | Debian Local Security Checks | medium |
| 91264 | Debian DLA-482-1 : libgd2 security update | Nessus | Debian Local Security Checks | medium |
| 8960 | PHP 5.6.x < 5.6.12 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 85300 | PHP 5.6.x < 5.6.12 Multiple Vulnerabilities | Nessus | CGI abuses | high |