CVE-2015-8874

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

References

http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2016-2750.html

http://www.debian.org/security/2016/dsa-3587

http://www.ubuntu.com/usn/USN-2987-1

https://bugs.php.net/bug.php?id=66387

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Details

Source: MITRE

Published: 2016-05-16

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.6.11 (inclusive)

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
137966EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)NessusHuawei Local Security Checks
critical
132184EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)NessusHuawei Local Security Checks
critical
131592EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)NessusHuawei Local Security Checks
critical
129178EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)NessusHuawei Local Security Checks
critical
128894EulerOS 2.0 SP2 : gd (EulerOS-SA-2019-1842)NessusHuawei Local Security Checks
high
122536PHP 7.0.x < 7.0.0 Multiple VulnerabilitiesNessusCGI abuses
high
98804PHP 5.6.x < 5.6.12 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
high
119978SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1)NessusSuSE Local Security Checks
high
93161SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)NessusSuSE Local Security Checks
critical
92663Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)NessusAmazon Linux Local Security Checks
critical
92392Fedora 23 : gd (2016-d126bb1b74)NessusFedora Local Security Checks
high
92275Fedora 24 : gd (2016-a4d48d6fd6)NessusFedora Local Security Checks
high
91897PHP 5.5.x < 5.5.37 Multiple VulnerabilitiesNessusCGI abuses
critical
91839FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)NessusFreeBSD Local Security Checks
critical
91665SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1)NessusSuSE Local Security Checks
critical
91585openSUSE Security Update : php5 (openSUSE-2016-703)NessusSuSE Local Security Checks
critical
91531openSUSE Security Update : php5 (openSUSE-2016-696)NessusSuSE Local Security Checks
critical
91423Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-2987-1)NessusUbuntu Local Security Checks
critical
91364Debian DSA-3587-1 : libgd2 - security updateNessusDebian Local Security Checks
high
91264Debian DLA-482-1 : libgd2 security updateNessusDebian Local Security Checks
high
8960PHP 5.6.x < 5.6.12 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
85300PHP 5.6.x < 5.6.12 Multiple VulnerabilitiesNessusCGI abuses
high