CVE-2015-8865

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.34 PHP versions 5.6.x prior to 5.6.20 PHP versions 7.x prior to 7.0.5 Fileinfo component in file before 5.23

Description The issue is caused by a buffer overflow in the file check mem function, which can be exploited by a remote attacker to cause a denial of service or possibly execute arbitrary code via a specially crafted magic file. The file check mem function mishandles continuation-level jumps.

Recommendations For PHP versions prior to 5.5.34, update to version 5.5.34 or later. For PHP versions 5.6.x prior to 5.6.20, update to version 5.6.20 or later. For PHP versions 7.x prior to 7.0.5, update to version 7.0.5 or later. For the Fileinfo component in file before 5.23, update to version 5.23 or later. As a temporary workaround, consider restricting access to the file check mem function in the Fileinfo component until a patch is available.