CVE-2014-9652 Information
Share on:Description
The mconvert function in softmagic.c in file before 5.21 as used in the Fileinfo component in PHP before 5.4.37 5.5.x before 5.5.21 and 5.6.x before 5.6.5 does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.
Reference
http://bugs.gw.com/view.php?id=398 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2015/02/05/12 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata/RHSA-2015-1135.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72505 https://bugs.php.net/bug.php?id=68735 https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079 https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158 https://security.gentoo.org/glsa/201701-42 https://support.apple.com/HT205267