CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

Published: May 16, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-4605
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
php / php	5.6.1	5.6.1.x
php / php	5.6.5	5.6.5.x
php / php	-	5.4.39.x
php / php	5.5.19	5.5.19.x
php / php	5.5.0	5.5.0.x
php / php	5.5.16	5.5.16.x
php / php	5.6.0	5.6.0.x
php / php	5.5.1	5.5.1.x
php / php	5.5.5	5.5.5.x
php / php	5.6.4	5.6.4.x
php / php	5.5.21	5.5.21.x
php / php	5.6.6	5.6.6.x
php / php	5.5.17	5.5.17.x
php / php	5.5.14	5.5.14.x
php / php	5.5.7	5.5.7.x
php / php	5.6.2	5.6.2.x
php / php	5.5.12	5.5.12.x
php / php	5.5.6	5.5.6.x
php / php	5.6.7	5.6.7.x
php / php	5.5.3	5.5.3.x
php / php	5.5.23	5.5.23.x
php / php	5.5.8	5.5.8.x
php / php	5.5.15	5.5.15.x
php / php	5.5.11	5.5.11.x
php / php	5.5.13	5.5.13.x
php / php	5.5.4	5.5.4.x
php / php	5.5.10	5.5.10.x
php / php	5.6.3	5.6.3.x
php / php	5.5.22	5.5.22.x
php / php	5.5.18	5.5.18.x
php / php	5.5.20	5.5.20.x
php / php	5.5.2	5.5.2.x
php / php	5.5.9	5.5.9.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_hpc_node	7.0	7.0.x
redhat / enterprise_linux_server_eus	7.1	7.1.x
redhat / enterprise_linux_hpc_node_eus	7.1	7.1.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x

Vulnerability Database

289,599

CVE-2015-4605