1. Home
  2. CVE Database
  3. CVE-2015-4604
HIGH · 7.5

CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relation...

Vulnerability Description

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
PhpPhp<= 5.4.39
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Hpc Node7.0
RedhatEnterprise Linux Hpc Node Eus7.1
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server Eus7.1
RedhatEnterprise Linux Workstation7.0
RedhatEnterprise Linux6.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2015-4604?

CVE-2015-4604 is a vulnerability with a CVSS score of 7.5 (HIGH). The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relation...

How severe is CVE-2015-4604?

CVE-2015-4604 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4604?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server.