CVE-2015-5589

Priority
Description
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before
5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a
file pointer before a close operation, which allows remote attackers to
cause a denial of service (segmentation fault) or possibly have unspecified
other impact via a crafted TAR archive that is mishandled in a
Phar::convertToData call.
Assigned-to
mdeslaur
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.6.11+dfsg-1)
Ubuntu 14.04 ESM (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.13)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=885edfef0a0eb1016a906d197399f92375a795e4
More Information

Updated: 2019-12-05 18:42:27 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)