VDB
CVE-2015-4605
CVE-2015-4605
REJECTED
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
EPSS 9.11% · 92.8th percentile
Risk Scores
EPSS Score
9.11%
92.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | php5 | 0, 5.5.3+dfsg-1ubuntu2, 5.5.6+dfsg-1ubuntu1 |
Exploit Intelligence
- RHSA-2015:1187 (circl)
- 1032709 (circl)
- RHSA-2015:1186 (circl)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (circl)
- 75233 (circl)
- http://php.net/ChangeLog-5.php (circl)
- [oss-security] 20150616 Re: CVE Request: various issues in PHP (circl)
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd (circl)
- RHSA-2015:1135 (circl)
- https://bugs.php.net/bug.php?id=68819 (vulncheck-nvd)
Timeline
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 9, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Feb 12, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-4605 third-party-advisory
- https://ubuntu.com/security/notices/USN-2658-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-4605 third-party-advisory