Published: 20/05/2016 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5 allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.6.1
php php 5.5.0
php php 5.6.0
php php 5.6.5
php php 5.5.19
php php 7.0.4
php php 5.6.12
php php 5.5.25
php php 5.6.13
php php 5.5.1
php php 5.5.5
php php 5.6.4
php php 5.5.21
php php 7.0.3
php php 5.6.6
php php 7.0.1
php php 5.5.14
php php 5.6.18
php php 5.5.7
php php 5.6.11
php php 5.6.2
php php 5.6.10
php php 5.5.29
php php 5.5.12
php php 5.5.6
php php 5.6.7
php php 5.5.3
php php 5.5.23
php php 5.5.8
php php 5.5.27
php php 5.6.15
php php 5.5.24
php php 7.0.2
php php 5.5.11
php php 5.5.13
php php 5.5.4
php php 5.6.17
php php 5.6.16
php php 5.5.33
php php 5.5.26
php php 5.6.9
php php 5.5.10
php php 5.6.3
php php 7.0.0
php php 5.5.30
php php 5.5.22
php php 5.5.32
php php 5.6.8
php php 5.5.18
php php 5.6.14
php php 5.6.19
php php 5.5.20
php php 5.5.2
php php 5.5.9
apple mac os x

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5620, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...

The following security-related issues were resolved: Buffer over-write in finfo_open with malformed magic file (CVE-2015-8865)Signedness vulnerability causing heap overflow in libgd (CVE-2016-3074)Integer overflow in php_raw_url_encode (CVE-2016-4070)Format string vulnerability in php_snmp_error() (CVE-2016-4071)Invalid memory write in phar on file ...

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilterc in PHP before 5534, 56x before 5620, and 7x before 705 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call ...

CWE-119 http://www.php.net/ChangeLog-7.php https://gist.github.com/smalyshev/d8355c96a657cc5dba70 http://www.openwall.com/lists/oss-security/2016/04/24/1 https://support.apple.com/HT206567 https://bugs.php.net/bug.php?id=71906 http://www.php.net/ChangeLog-5.php http://lists.apple.com/archives/security-announce/2016/May/msg00004.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 http://www.debian.org/security/2016/dsa-3560 http://www.securityfocus.com/bid/85991 https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://www.ubuntu.com/usn/USN-2952-2 http://www.ubuntu.com/usn/USN-2952-1 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1 https://access.redhat.com/errata/RHSA-2016:2750 https://usn.ubuntu.com/2984-1/https://nvd.nist.gov

CVE-2016-4073

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect