PHP 5.4.x < 5.4.37 / 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple Vulnerabilities

PHP versions 5.4.x prior to 5.4.37, 5.5.x prior to 5.5.21, and 5.6.x prior to 5.6.5 are exposed to the following issues:

• The CGI component has an out-of-bounds read flaw in file ‘cgi_main.c’ when nmap is used to process an invalid file that begins with a hash character (#) but lacks a newline character. A remote attacker, using a specially crafted PHP file, can exploit this vulnerability to disclose memory contents, cause a denial of service, or possibly execute code. (Bug 68618 / CVE-2014-9427)

• A use-after-free memory error exists in the function ‘process_nested_data’ within ‘var_unserializer.re’ due to the improper handling of duplicate numerical keys within the serialized properties of an object. A remote attacker, using a crafted unserialize method call, can exploit this vulnerability to execute arbitrary code. (Bug 68710 / CVE-2015-0231)

• A flaw exists in function ‘exif_process_unicode’ within ‘exif.c’ that allows freeing an uninitialized pointer. A remote attacker, using specially crafted EXIF data in a JPEG image, can exploit this to cause a denial of service or to execute arbitrary code. (Bug 68799 / CVE-2015-0232)

• An out-of-bounds read flaw exists in the ‘fileinfo’ extension of the ‘src/softmagic.c’ source file when handling certain Pascal strings. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users. (Bug 68735 / CVE-2014-9652)