CVE-2015-4605

Priority
Description
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo
component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before
5.6.8, does not properly restrict a certain offset value, which allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted string that is mishandled by
a "Python script text executable" rule.
Notes
 sbeattie> unable to reproduce file crash on precise, trusty, or vivid
 mdeslaur> same fix as CVE-2015-4604
Assigned-to
mdeslaur
Package
Source: file (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.6.9+dfsg-1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (5.5.9+dfsg-1ubuntu4.9)
More Information

Updated: 2019-03-19 12:19:22 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)