CVE-2015-8865

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
phpphp
𝑥
≤ 5.5.33
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
phpphp
5.6.10
phpphp
5.6.11
phpphp
5.6.12
phpphp
5.6.13
phpphp
5.6.14
phpphp
5.6.15
phpphp
5.6.16
phpphp
5.6.17
phpphp
5.6.18
phpphp
5.6.19
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
applemac_os_x
𝑥
≤ 10.11.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file
bullseye (security)
1:5.39-3+deb11u1
fixed
bullseye
1:5.39-3+deb11u1
fixed
bookworm
1:5.44-3
fixed
sid
1:5.45-3
fixed
trixie
1:5.45-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
trusty
Fixed 1:5.14-2ubuntu3.4
released
precise
ignored
php5
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
Fixed 5.6.11+dfsg-1ubuntu3.2
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.16
released
precise
Fixed 5.3.10-1ubuntu3.22
released
php7.0
bionic
dne
artful
dne
zesty
not-affected
yakkety
not-affected
xenial
Fixed 7.0.4-7ubuntu2.1
released
wily
dne
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://bugs.gw.com/view.php?id=522
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fe13566c93f118a15a96320a546c7878fd0cfc5e
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3560
http://www.openwall.com/lists/oss-security/2016/04/24/1
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/85802
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
https://bugs.php.net/bug.php?id=71527
https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
https://security.gentoo.org/glsa/201611-22
https://security.gentoo.org/glsa/201701-42
https://support.apple.com/HT206567
https://usn.ubuntu.com/3686-1/
https://usn.ubuntu.com/3686-2/
http://bugs.gw.com/view.php?id=522
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fe13566c93f118a15a96320a546c7878fd0cfc5e
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3560
http://www.openwall.com/lists/oss-security/2016/04/24/1
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/85802
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
https://bugs.php.net/bug.php?id=71527
https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
https://security.gentoo.org/glsa/201611-22
https://security.gentoo.org/glsa/201701-42
https://support.apple.com/HT206567
https://usn.ubuntu.com/3686-1/
https://usn.ubuntu.com/3686-2/