6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.08 Low
EPSS
Percentile
94.2%
Issue Overview:
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Affected Packages:
php55
Issue Correction:
Run yum update php55 to update your system.
New Packages:
i686:
php55-opcache-5.5.17-1.90.amzn1.i686
php55-bcmath-5.5.17-1.90.amzn1.i686
php55-fpm-5.5.17-1.90.amzn1.i686
php55-recode-5.5.17-1.90.amzn1.i686
php55-pgsql-5.5.17-1.90.amzn1.i686
php55-snmp-5.5.17-1.90.amzn1.i686
php55-embedded-5.5.17-1.90.amzn1.i686
php55-ldap-5.5.17-1.90.amzn1.i686
php55-pdo-5.5.17-1.90.amzn1.i686
php55-tidy-5.5.17-1.90.amzn1.i686
php55-enchant-5.5.17-1.90.amzn1.i686
php55-intl-5.5.17-1.90.amzn1.i686
php55-pspell-5.5.17-1.90.amzn1.i686
php55-soap-5.5.17-1.90.amzn1.i686
php55-common-5.5.17-1.90.amzn1.i686
php55-xmlrpc-5.5.17-1.90.amzn1.i686
php55-gmp-5.5.17-1.90.amzn1.i686
php55-xml-5.5.17-1.90.amzn1.i686
php55-devel-5.5.17-1.90.amzn1.i686
php55-mssql-5.5.17-1.90.amzn1.i686
php55-debuginfo-5.5.17-1.90.amzn1.i686
php55-gd-5.5.17-1.90.amzn1.i686
php55-dba-5.5.17-1.90.amzn1.i686
php55-imap-5.5.17-1.90.amzn1.i686
php55-mbstring-5.5.17-1.90.amzn1.i686
php55-mcrypt-5.5.17-1.90.amzn1.i686
php55-mysqlnd-5.5.17-1.90.amzn1.i686
php55-odbc-5.5.17-1.90.amzn1.i686
php55-5.5.17-1.90.amzn1.i686
php55-cli-5.5.17-1.90.amzn1.i686
php55-process-5.5.17-1.90.amzn1.i686
src:
php55-5.5.17-1.90.amzn1.src
x86_64:
php55-fpm-5.5.17-1.90.amzn1.x86_64
php55-ldap-5.5.17-1.90.amzn1.x86_64
php55-intl-5.5.17-1.90.amzn1.x86_64
php55-odbc-5.5.17-1.90.amzn1.x86_64
php55-mbstring-5.5.17-1.90.amzn1.x86_64
php55-gmp-5.5.17-1.90.amzn1.x86_64
php55-pgsql-5.5.17-1.90.amzn1.x86_64
php55-cli-5.5.17-1.90.amzn1.x86_64
php55-bcmath-5.5.17-1.90.amzn1.x86_64
php55-gd-5.5.17-1.90.amzn1.x86_64
php55-xmlrpc-5.5.17-1.90.amzn1.x86_64
php55-tidy-5.5.17-1.90.amzn1.x86_64
php55-mssql-5.5.17-1.90.amzn1.x86_64
php55-devel-5.5.17-1.90.amzn1.x86_64
php55-xml-5.5.17-1.90.amzn1.x86_64
php55-mcrypt-5.5.17-1.90.amzn1.x86_64
php55-pspell-5.5.17-1.90.amzn1.x86_64
php55-soap-5.5.17-1.90.amzn1.x86_64
php55-pdo-5.5.17-1.90.amzn1.x86_64
php55-common-5.5.17-1.90.amzn1.x86_64
php55-opcache-5.5.17-1.90.amzn1.x86_64
php55-embedded-5.5.17-1.90.amzn1.x86_64
php55-enchant-5.5.17-1.90.amzn1.x86_64
php55-imap-5.5.17-1.90.amzn1.x86_64
php55-5.5.17-1.90.amzn1.x86_64
php55-snmp-5.5.17-1.90.amzn1.x86_64
php55-debuginfo-5.5.17-1.90.amzn1.x86_64
php55-mysqlnd-5.5.17-1.90.amzn1.x86_64
php55-process-5.5.17-1.90.amzn1.x86_64
php55-recode-5.5.17-1.90.amzn1.x86_64
php55-dba-5.5.17-1.90.amzn1.x86_64
Red Hat: CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-5120
Mitre: CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-5120
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | php55-opcache | < 5.5.17-1.90.amzn1 | php55-opcache-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-bcmath | < 5.5.17-1.90.amzn1 | php55-bcmath-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-fpm | < 5.5.17-1.90.amzn1 | php55-fpm-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-recode | < 5.5.17-1.90.amzn1 | php55-recode-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-pgsql | < 5.5.17-1.90.amzn1 | php55-pgsql-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-snmp | < 5.5.17-1.90.amzn1 | php55-snmp-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-embedded | < 5.5.17-1.90.amzn1 | php55-embedded-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-ldap | < 5.5.17-1.90.amzn1 | php55-ldap-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-pdo | < 5.5.17-1.90.amzn1 | php55-pdo-5.5.17-1.90.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php55-tidy | < 5.5.17-1.90.amzn1 | php55-tidy-5.5.17-1.90.amzn1.i686.rpm |