PT-2014-1947 · Php+5 · Php+5
Published: 2014-01-22 · Updated: 2023-05-26
CVE-2014-9652
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Fileinfo component in PHP versions prior to 5.4.37
Fileinfo component in PHP 5.5.x versions prior to 5.5.21
Fileinfo component in PHP 5.6.x versions prior to 5.6.5
Description
The issue arises from the mconvert function in softmagic.c not properly handling a certain string-length field during the copy of a truncated version of a Pascal string. This might allow remote attackers to cause a denial of service, potentially leading to out-of-bounds memory access and application crash, via a crafted file.
Recommendations
For PHP versions prior to 5.4.37, update to version 5.4.37 or later.
For PHP 5.5.x versions prior to 5.5.21, update to version 5.5.21 or later.
For PHP 5.6.x versions prior to 5.6.5, update to version 5.6.5 or later.
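The bug class named in the Description, as an added C example (not PHP's or libmagic's source): a length prefix read from the file is clamped to what the truncated fixed-size copy actually holds before the Pascal string is converted. The 32-byte buffer, the big-endian prefix layout and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VAL_BUF 32                 /* assumed size of the truncated copy */
static uint8_t sample[VAL_BUF];    /* constructed sample buffer */

/* Decode a big-endian length prefix of prefix_sz bytes (assumed layout). */
static size_t read_len(const uint8_t *buf, size_t prefix_sz)
{
    size_t len = 0;
    for (size_t i = 0; i < prefix_sz; i++)
        len = (len << 8) | buf[i];
    return len;
}

/* Convert a length-prefixed string held in buf[VAL_BUF] to a C string in
 * place. Returns the number of payload bytes kept. */
size_t pstring_to_cstring(uint8_t *buf, size_t prefix_sz)
{
    if (prefix_sz != 1 && prefix_sz != 2 && prefix_sz != 4) {
        buf[0] = '\0';
        return 0;
    }
    size_t len = read_len(buf, prefix_sz);
    /* The prefix is file-controlled and describes the original string, not
     * the truncated copy; unclamped, the copy would run past buf's end. */
    if (len > VAL_BUF - prefix_sz)
        len = VAL_BUF - prefix_sz;
    memmove(buf, buf + prefix_sz, len);
    buf[len] = '\0';
    return len;
}

/* Fill the sample buffer: prefix claims `claimed` bytes, payload is 'A'. */
size_t run_sample(size_t claimed, size_t prefix_sz)
{
    memset(sample, 'A', VAL_BUF);
    for (size_t i = 0; i < prefix_sz; i++)
        sample[i] = (uint8_t)(claimed >> (8 * (prefix_sz - 1 - i)));
    return pstring_to_cstring(sample, prefix_sz);
}

int main(void)
{
    printf("claimed 5   -> kept %zu\n", run_sample(5, 1));
    printf("claimed 255 -> kept %zu\n", run_sample(255, 1));
    return 0;
}
```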
Fix
DoS
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Centos
Php
Red Hat
Suse
Ubuntu