CVE-2015-0232
Published 2015-01-27
Priority: P3 · 42 · medium · CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EPSS: 15.37% (96.4th percentile)
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
Affected
62 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_el_capitan_v10.11 | — | — |
| php | php | <= 5.4.36 | — |
| php | php | — | — |
Detection & IOCs
- Trigger condition: crafted EXIF data embedded in a JPEG image passed to exif_read_data() causes uninitialized pointer free in exif_process_unicode()
- Vulnerable function is exif_process_unicode in ext/exif/exif.c; monitor PHP crash/abort signals when processing JPEG/TIFF uploads with EXIF data
- Upstream fix commits can be used to diff and build detection signatures for the vulnerable code path
- PHP versions before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 are vulnerable; Red Hat Enterprise Linux 5 (php package) is listed as Not affected, and rh-php56-php (Red Hat Software Collections) is also Not affected
- Tenable SecurityCenter exposes the related process_nested_data() issue (CVE-2015-0231) only to authenticated users; CVE-2015-0232 (exif_process_unicode) is a separate code path triggered via JPEG EXIF parsing
CVSS provenance
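| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |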
GHSA
GHSA-pprc-9jwm-mwxq (CVE-2015-0232) [MEDIUM]
ghsa_unreviewed · 2022-05-14
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
OSV
php5 vulnerabilities
osv · 2015-02-17 · CVSS 7.5
CVE-2014-8142 [HIGH]
Stefan Esser discovered that PHP incorrectly handled unserializing objects.
A remote attacker could use this issue to cause PHP to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2014-8142,
CVE-2015-0231)
Brian Carpenter discovered that the PHP CGI component incorrectly handled
invalid files. A local attacker could use this issue to obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427)
It was discovered that PHP incorrectly handled certain pascal strings in
the fileinfo extension. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CV
OSV
CVE-2015-0232 [MEDIUM]
osv · 2015-01-27 · CVSS 6.8
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
Ubuntu
PHP vulnerabilities
vendor_ubuntu · 2015-02-17 · CVSS 7.5
CVE-2014-8142 [HIGH]
Summary: Several security issues were fixed in PHP.
Stefan Esser discovered that PHP incorrectly handled unserializing objects.
A remote attacker could use this issue to cause PHP to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2014-8142,
CVE-2015-0231)
Brian Carpenter discovered that the PHP CGI component incorrectly handled
invalid files. A local attacker could use this issue to obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427)
It was discovered that PHP incorrectly handled certain pascal strings in
the fileinfo extension. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This
Red Hat
php: Free called on uninitialized pointer in exif.c
vendor_redhat · 2015-01-01 · CVSS 6.8
CVE-2015-0232 [MEDIUM] CWE-822
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php54-php (Red Hat Software Collections) - Affected
Apple
CVE-2015-0232: OS X El Capitan v10.11
vendor_apple · CVSS 6.8
CVE-2015-0232 [MEDIUM]
Apple Security Update: About the security content of OS X El Capitan v10.11
Product: OS X El Capitan v10.11
CVE: CVE-2015-0232
Component: CVE-2015-0232
No detection rules found.
No public exploits indexed.
Tenable
[R5] Tenable Products Affected by PHP < 5.5.21 / 5.4.37 Vulnerabilities
blogs_tenable · 2015-02-03
Bugzilla
CVE-2015-0232 php: Free called on uninitialized pointer in exif.c
bugzilla · 2015-01-23 · CVSS 6.8
CVE-2015-0232 [MEDIUM]
The PHP Project reports:
A free called on uninitialized pointer exists in exif.c.
Upstream bug:
https://bugs.php.net/bug.php?id=68799
Upstream commits in various PHP branches:
http://git.php.net/?p=php-src.git;a=commitdiff;h=2fc178cf448d8e1b95d1314e47eeef610729e0df
http://git.php.net/?p=php-src.git;a=commitdiff;h=21bc7464f454fec18a9ec024c738f195602fee2a
http://git.php.net/?p=php-src.git;a=commitdiff;h=55001de6d8c6ed2aada870a76de1e4b4558737bf
Discussion:
Fixed upstream in PHP 5.6.5, 5.5.21, and 5.4.37:
http://php.net/ChangeLog-5.php#5.6.5
http://php.net/ChangeLog-5.php#5.5.21
http://php.net/ChangeLog-5.php#5.4.37
---
php-5.6.5-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please ma