CVE-2014-9426

Name of the Vulnerable Software and Affected Versions PHP versions through 5.6.4

Description The issue is related to errors in the code of the apprentice load function in the Fileinfo component. Exploitation of this issue may allow a remote attacker to cause a denial of service, such as memory corruption or application crash, or possibly have other unspecified impacts. The vulnerability is disputed by the vendor due to the standard erealloc behavior making the free operation unreachable.

Recommendations For PHP versions through 5.6.4, consider updating to a version where this issue is resolved, as the current version may allow remote attackers to cause a denial of service or other impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.