Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-8865

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Published

2016-05-20T10:59:00.137

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.3 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application php php ≤ 5.5.33 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.0 Yes
Application php php 5.6.1 Yes
Application php php 5.6.2 Yes
Application php php 5.6.3 Yes
Application php php 5.6.4 Yes
Application php php 5.6.5 Yes
Application php php 5.6.6 Yes
Application php php 5.6.7 Yes
Application php php 5.6.8 Yes
Application php php 5.6.9 Yes
Application php php 5.6.10 Yes
Application php php 5.6.11 Yes
Application php php 5.6.12 Yes
Application php php 5.6.13 Yes
Application php php 5.6.14 Yes
Application php php 5.6.15 Yes
Application php php 5.6.16 Yes
Application php php 5.6.17 Yes
Application php php 5.6.18 Yes
Application php php 5.6.19 Yes
Application php php 7.0.0 Yes
Application php php 7.0.1 Yes
Application php php 7.0.2 Yes
Application php php 7.0.3 Yes
Application php php 7.0.4 Yes
Operating System apple mac_os_x ≤ 10.11.4 Yes
References