Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.3
CVSSv3

CVE-2015-8865

Published: 20/05/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

The file_check_mem function in funcs.c in file prior to 5.23, as used in the Fileinfo component in PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5, mishandles continuation-level jumps, which allows context-dependent malicious users to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php 5.6.1

php php 5.6.0

php php 5.6.5

php php 7.0.4

php php 5.6.12

php php 5.6.13

php php 5.6.4

php php 7.0.3

php php 5.6.6

php php 7.0.1

php php 5.6.18

php php 5.6.11

php php 5.6.2

php php 5.6.10

php php

php php 5.6.7

php php 5.6.15

php php 7.0.2

php php 5.6.17

php php 5.6.16

php php 5.6.9

php php 5.6.3

php php 7.0.0

php php 5.6.8

php php 5.6.14

php php 5.6.19

apple mac os x

Vendor Advisories

Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update
Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...
Debian CVElist Bug Report Logs: hhvm: Various CVEs (CVE-2014-9709 CVE-2015-8865 CVE-2016-1903 CVE-2016-4070 CVE-2016-4539 CVE-2016-6870 CVE-2016-6871 CVE-2016-6872 CVE-2016-6873 CVE-2016-6874 CVE-2016-6875)
Debian Bug report logs - #835032 hhvm: Various CVEs (CVE-2014-9709 CVE-2015-8865 CVE-2016-1903 CVE-2016-4070 CVE-2016-4539 CVE-2016-6870 CVE-2016-6871 CVE-2016-6872 CVE-2016-6873 CVE-2016-6874 CVE-2016-6875) Package: src:hhvm; Maintainer for src:hhvm is (unknown); Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: ...
Debian CVElist Bug Report Logs: file: CVE-2015-8865: file_check_mem() misbehaves on some input
Debian Bug report logs - #827377 file: CVE-2015-8865: file_check_mem() misbehaves on some input Package: src:file; Maintainer for src:file is Christoph Biedl <debianaxhn@manchmalin-ulmde>; Reported by: Petter Reinholdtsen <pere@hungrycom> Date: Wed, 15 Jun 2016 13:09:01 UTC Severity: important Found in version ...
Debian Security Advisories: DSA-3560-1 php5 -- security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5620, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...
Ubuntu Security Notice: php5, php7.0 vulnerabilities
Several security issues were fixed in PHP ...
Ubuntu Security Notice: file vulnerabilities
Several security issues were fixed in file ...
Ubuntu Security Notice: file vulnerabilities
Several security issues were fixed in file ...
Amazon Linux AMI: ALAS-2016-698
The following security-related issues were resolved: Buffer over-write in finfo_open with malformed magic file (CVE-2015-8865)Signedness vulnerability causing heap overflow in libgd (CVE-2016-3074)Integer overflow in php_raw_url_encode (CVE-2016-4070)Format string vulnerability in php_snmp_error() (CVE-2016-4071)Invalid memory write in phar on file ...
Red Hat: CVE-2015-8865
The file_check_mem function in funcsc in file before 523, as used in the Fileinfo component in PHP before 5534, 56x before 5620, and 7x before 705, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a cra ...

Github Repositories

https://github.com/jeffhuang4704/vulasset

UI Vulnerablity Page Improvement Introduction In this modification, we are transitioning the data filtering process from the front-end to the backend The UI now has the capability to retrieve partial data rather than the entire dataset This is achieved by leveraging the database to store and implementing a pagination mechanism Originally, the plan involved integrating memory

References

CWE-119http://www.php.net/ChangeLog-7.phphttps://bugs.php.net/bug.php?id=71527http://www.openwall.com/lists/oss-security/2016/04/24/1https://support.apple.com/HT206567http://bugs.gw.com/view.php?id=522https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36http://www.php.net/ChangeLog-5.phphttp://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731http://www.debian.org/security/2016/dsa-3560http://www.ubuntu.com/usn/USN-2952-1http://www.ubuntu.com/usn/USN-2952-2http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.htmlhttp://www.securityfocus.com/bid/85802https://security.gentoo.org/glsa/201701-42https://security.gentoo.org/glsa/201611-22http://rhn.redhat.com/errata/RHSA-2016-2750.htmlhttps://usn.ubuntu.com/3686-1/https://usn.ubuntu.com/3686-2/http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fe13566c93f118a15a96320a546c7878fd0cfc5ehttps://access.redhat.com/errata/RHSA-2016:2750https://nvd.nist.govhttps://usn.ubuntu.com/2984-1/https://www.debian.org/security/./dsa-3560
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook