A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | php54 | 2016-03-16 16:30 | ALAS-2016-670 |
Amazon Linux 1 | php55 | 2015-10-20 14:52 | ALAS-2015-602 |
Amazon Linux 1 | php56 | 2015-10-20 14:50 | ALAS-2015-601 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |