Description

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Remediation

References

CVE-2015-8865

Related Vulnerabilities

WordPress Plugin CopySafe PDF Protection Arbitrary File Upload (0.6)

WordPress Plugin YouTube Gallery-Best YouTube Video Gallery Cross-Site Scripting (3.2.1)

WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1455)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Object Injection (3.6.12)

Severity

High

Classification

CVE-2015-8865 CWE-119 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities