PT-2014-1947 · Php+5 · Php+5

Published

2014-01-22

Updated

2023-05-26

CVE-2014-9652

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Fileinfo component in PHP versions prior to 5.4.37 Fileinfo component in PHP 5.5.x versions prior to 5.5.21 Fileinfo component in PHP 5.6.x versions prior to 5.6.5

Description The issue arises from the mconvert function in softmagic.c not properly handling a certain string-length field during the copy of a truncated version of a Pascal string. This might allow remote attackers to cause a denial of service, potentially leading to out-of-bounds memory access and application crash, via a crafted file.

Recommendations For PHP versions prior to 5.4.37, update to version 5.4.37 or later. For PHP 5.5.x versions prior to 5.5.21, update to version 5.5.21 or later. For PHP 5.6.x versions prior to 5.6.5, update to version 5.6.5 or later.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2021-2505

ALT-PU-2023-1892

BDU:2015-09882

CESA-2015_1135

CESA-2015_2155

CVE-2014-9652

DLA-145-1

DSA-3121-1

DSA-3126-1

OPENSUSE-SU-2015_0440-1

RHSA-2015:1053

RHSA-2015:1066

RHSA-2015:1135

RHSA-2015:2155

RHSA-2015_1135

RHSA-2015_2155

SUSE-SU-2015:0370-1

SUSE-SU-2015:0424-1

SUSE-SU-2015:0436-1

SUSE-SU-2015:1018-1

SUSE-SU-2015:1265-1

SUSE-SU-2015_0424-1

SUSE-SU-2016:1638-1

USN-2501-1

Affected Products

Alt Linux

Centos

Php

Red Hat

Suse

Ubuntu

PT-2014-1947 · Php+5 · Php+5

CVE-2014-9652

Weakness Enumeration

Related Identifiers

Affected Products

References · 208