CVE-2013-4636

Name of the Vulnerable Software and Affected Versions PHP versions 5.4.x before 5.4.16

Description The issue exists due to insufficient input validation in the mget function of the PHP interpreter. This can be exploited by a remote attacker to cause a denial of service, resulting in an application crash. The vulnerability is triggered when an MP3 file causes incorrect MIME type detection during access to an finfo object.

Recommendations For PHP versions 5.4.x before 5.4.16, update to version 5.4.16 or later to resolve the issue. As a temporary workaround, consider restricting access to MP3 files or disabling the mget function until a patch is available.