VYPR
High severity7.5NVD Advisory· Published May 16, 2016· Updated Jun 17, 2026

CVE-2015-4604

CVE-2015-4604

Description

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

42
  • PHP/PHP34 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 33 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.4.39
    • cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
    • (no CPE)range: <5.4.40 (or <5.5.24, <5.6.8 in respective branches)
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.