VYPR
High severity7.5NVD Advisory· Published May 16, 2016· Updated Jun 17, 2026

CVE-2015-4605

CVE-2015-4605

Description

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

42
  • PHP/PHP33 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.4.39
    • cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • PHP/Fileinfollm-fuzzy
    Range: <5.4.40, >=5.5.0 <5.5.24, >=5.6.0 <5.6.8

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.