What is CVE-2015-0232?

CVE-2015-0232 is a vulnerability in Php. Published 2015-01-27.

Is CVE-2015-0232 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Php

CVE-2015-0232

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and applicati…

EPSS: 0.669 (98.6th percentile) — read the EPSS interpretation.

Affected products

Php — versions 5.4.0, 5.4.1, 5.4.2
N/a — versions n/a

Public proof-of-concept exploits

References

MDVSA-2015:032 (vendor-advisory, x_refsource_MANDRIVA)
DSA-3195 (vendor-advisory, x_refsource_DEBIAN)
72541 (vdb-entry, x_refsource_BID)
HPSBMU03409 (x_refsource_HP, vendor-advisory)
SUSE-SU-2015:0365 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
APPLE-SA-2015-09-30-3 (vendor-advisory, x_refsource_APPLE)
HPSBMU03380 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-0232?: CVE-2015-0232 is a vulnerability in Php. Published 2015-01-27.
Is CVE-2015-0232 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.