CVE-2015-4604

Name of the Vulnerable Software and Affected Versions PHP versions 5.x through 5.4.39 PHP versions 5.5.x through 5.5.23 PHP versions 5.6.x through 5.6.7

Description The issue arises from the mget function in softmagic.c, part of the Fileinfo component in PHP, which does not properly maintain a certain pointer relationship. This allows remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code via a crafted string. The vulnerability can be exploited by a remote attacker using a specially crafted string that is mishandled by a "Python script text executable" rule.

Recommendations For PHP versions 5.x through 5.4.39, update to version 5.4.40 or later. For PHP versions 5.5.x through 5.5.23, update to version 5.5.24 or later. For PHP versions 5.6.x through 5.6.7, update to version 5.6.8 or later.