vulnerability

Debian: CVE-2015-4604: php5 -- security update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
May 16, 2016
Added
Jul 30, 2024
Modified
Mar 30, 2026

Description

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

Solution

debian-upgrade-php5
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.