CVE-2015-8865
published 2016-05-20
high 7.3 (CVSS 3.0)
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
Affected
37 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.11.4 | — |
| apple | os_x_el_capitan_v10.11.5_and_security_update_2016-003 | — | — |
| debian | file | < file 1:5.24-1 (bookworm) | file 1:5.24-1 (bookworm) |
| file_project | file | >= 0 < 1:5.24-1 | 1:5.24-1 |
| file_project | file | >= 0 < 1:5.24-1 | 1:5.24-1 |
| file_project | file | >= 0 < 1:5.24-1 | 1:5.24-1 |
| file_project | file | >= 0 < 1:5.24-1 | 1:5.24-1 |
| file_project | file | >= 0 < 1:5.14-2ubuntu3.4 | 1:5.14-2ubuntu3.4 |
| file_project | file | >= 0 < 1:5.25-2ubuntu1.1 | 1:5.25-2ubuntu1.1 |
| file_project | file | >= 0 < 1:5.32-2ubuntu0.1 | 1:5.32-2ubuntu0.1 |
| php | php | <= 5.5.33 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvd: v3.0, 7.3 HIGH, CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv: 7.3 HIGH