1. Home
  2. CVE Database
  3. CVE-2015-4605
HIGH · 7.5

CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, w...

Vulnerability Description

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
PhpPhp<= 5.4.39
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Hpc Node7.0
RedhatEnterprise Linux Hpc Node Eus7.1
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server Eus7.1
RedhatEnterprise Linux Workstation7.0
RedhatEnterprise Linux6.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2015-4605?

CVE-2015-4605 is a vulnerability with a CVSS score of 7.5 (HIGH). The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, w...

How severe is CVE-2015-4605?

CVE-2015-4605 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4605?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server.