Amazon Linux AMI: Security patch for file (ALAS-2015-497) (multiple CVEs)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: January 21, 2015
Added: March 26, 2015
Modified: July 04, 2017

Description

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
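
The short-read condition named in the description, as an added C example (not code from file or PHP; `read_exact_at` and `demo_read` are hypothetical names and the temp-file input is constructed): a parser must treat a pread that returns fewer bytes than requested as truncated input instead of using the partly filled buffer.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>

/* Read exactly len bytes at offset off. pread() may legally return fewer
 * bytes than requested (for example at end of file), so loop until done.
 * Returns 0 on success, -1 on error or if the file ends early. */
static int read_exact_at(int fd, void *buf, size_t len, off_t off)
{
    unsigned char *p = buf;
    size_t done = 0;
    while (done < len) {
        ssize_t n = pread(fd, p + done, len - done, off + (off_t)done);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted, retry */
            return -1;             /* real I/O error */
        }
        if (n == 0)
            return -1;             /* EOF before len bytes: truncated input */
        done += (size_t)n;
    }
    return 0;
}

/* Constructed demo: write `have` bytes to a temp file, then request `want`
 * bytes the way a parser requests a fixed-size header. */
static int demo_read(size_t have, size_t want)
{
    unsigned char data[64], hdr[64];
    if (have > sizeof data || want > sizeof hdr)
        return -2;
    FILE *tmp = tmpfile();
    if (tmp == NULL)
        return -2;
    memset(data, 0x7f, sizeof data);
    fwrite(data, 1, have, tmp);
    fflush(tmp);
    int rc = read_exact_at(fileno(tmp), hdr, want, 0);
    fclose(tmp);
    return rc;                     /* hdr is only trusted when rc == 0 */
}

int main(void)
{
    printf("full header: %d, truncated header: %d\n",
           demo_read(64, 64), demo_read(16, 64));
    return 0;
}
```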

Solution

amazon-linux-upgrade-file