Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2015-0232
Last Modified 09 Oct 2015 10:00:10
Published 27 Jan 2015 03:04:11
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0232

Summary

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

Vulnerable Systems

Application

  • Php 5.4.0

  • Php 5.4.1

  • Php 5.4.10

  • Php 5.4.11

  • Php 5.4.12

  • Php 5.4.13

  • Php 5.4.14

  • Php 5.4.15

  • Php 5.4.16

  • Php 5.4.17

  • Php 5.4.18

  • Php 5.4.19

  • Php 5.4.2

  • Php 5.4.20

  • Php 5.4.21

  • Php 5.4.22

  • Php 5.4.23

  • Php 5.4.24

  • Php 5.4.25

  • Php 5.4.26

  • Php 5.4.27

  • Php 5.4.28

  • Php 5.4.29

  • Php 5.4.3

  • Php 5.4.30

  • Php 5.4.34

  • Php 5.4.35

  • Php 5.4.36

  • Php 5.4.4

  • Php 5.4.5

  • Php 5.4.6

  • Php 5.4.7

  • Php 5.4.8

  • Php 5.4.9

  • Php 5.5.0

  • Php 5.5.1

  • Php 5.5.10

  • Php 5.5.11

  • Php 5.5.12

  • Php 5.5.13

  • Php 5.5.14

  • Php 5.5.15

  • Php 5.5.16

  • Php 5.5.17

  • Php 5.5.18

  • Php 5.5.19

  • Php 5.5.2

  • Php 5.5.20

  • Php 5.5.3

  • Php 5.5.4

  • Php 5.5.5

  • Php 5.5.6

  • Php 5.5.7

  • Php 5.5.8

  • Php 5.5.9

  • Php 5.6.0

  • Php 5.6.1

  • Php 5.6.2

  • Php 5.6.3

  • Php 5.6.4


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1185472

CONFIRM - https://bugs.php.net/bug.php?id=68799

CONFIRM - http://www.php.net/ChangeLog-5.php

CONFIRM - http://git.php.net/?p=php-src.git;a=commit;h=55001de6d8c6ed2aada870a76de1e4b4558737bf

CONFIRM - http://git.php.net/?p=php-src.git;a=commit;h=2fc178cf448d8e1b95d1314e47eeef610729e0df

CONFIRM - http://git.php.net/?p=php-src.git;a=commit;h=21bc7464f454fec18a9ec024c738f195602fee2a

SUSE - openSUSE-SU-2015:0325

SUSE - SUSE-SU-2015:0365

DEBIAN - DSA-3195

CONFIRM - http://advisories.mageia.org/MGASA-2015-0040.html

MANDRIVA - MDVSA-2015:032

CONFIRM - https://support.apple.com/HT205267

APPLE - APPLE-SA-2015-09-30-3


Last Updated: 27 May 2016 11:07:38