Description
Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.
Below is a complete list of vulnerabilities
- Multiple use-after-free vulnerabilities can be exploited remotely via a specially designed call and input and vectors related to Phar archives renaming and;
- Improper pathname truncation can be exploited remotely via a specailly designed arguments;
- Integer overflow vulnerability can be exploited remotely via a specially designed ZIP archive;
- An unknown vulnerability can be exploited remotely via a specially designed GIF image or ELF file;
- Heap-based buffer overflow can be exploited remotely via vectors related to dictionaries;
- Improper string-length handling can be exploited remotely via a specially designed files.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
- CVE-2015-2787 high
- CVE-2015-2348 warning
- CVE-2015-2331 high
- CVE-2015-2301 high
- CVE-2015-1351 high
- CVE-2015-0273 high
- CVE-2014-9709 warning
- CVE-2014-9705 high
- CVE-2014-9653 high
- CVE-2014-9652 warning
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!