CVE-2015-4604 : The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.2

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

Published 2016-05-16 10:59:12

Updated 2019-04-22 17:48:01

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Input validationExecute codeDenial of service

Threat overview for CVE-2015-4604

Top countries where our scanners detected CVE-2015-4604

Top open port discovered on systems with this issue 80

IPs affected by CVE-2015-4604 356,623

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2015-4604!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2015-4604

Probability of exploitation activity in the next 30 days: 8.68%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-4604

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-4604

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-4604

http://git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd

208.43.231.11 Git - php-src.git/commit

CVEs referencing this url
https://bugs.php.net/bug.php?id=68819

PHP :: Sec Bug #68819 :: Fileinfo on specific file causes spurious OOM and/or segfault
Exploit

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2015/06/16/12

oss-security - Re: CVE Request: various issues in PHP

CVEs referencing this url
http://www.securitytracker.com/id/1032709

PHP Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1186.html

RHSA-2015:1186 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1187.html

RHSA-2015:1187 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1135.html

RHSA-2015:1135 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securityfocus.com/bid/75241

PHP libmagick 'libmagic/softmagic.c' Denial of Service Vulnerability
http://php.net/ChangeLog-5.php

PHP: PHP 5 ChangeLog

CVEs referencing this url

Products affected by CVE-2015-4604