Lucene search

K

[email protected]NVD:CVE-2013-4636

HistoryJun 21, 2013 - 9:55 p.m.

CVE-2013-4636

2013-06-2121:55:01

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.

Affected configurations

NVD

Node

phpphpMatch5.4.0

OR

phpphpMatch5.4.1

OR

phpphpMatch5.4.2

OR

phpphpMatch5.4.3

OR

phpphpMatch5.4.4

OR

phpphpMatch5.4.5

OR

phpphpMatch5.4.6

OR

phpphpMatch5.4.7

OR

phpphpMatch5.4.8

OR

phpphpMatch5.4.9

OR

phpphpMatch5.4.10

OR

phpphpMatch5.4.11

OR

phpphpMatch5.4.12

OR

phpphpMatch5.4.13

OR

phpphpMatch5.4.14

OR

phpphpMatch5.4.15

References

www.php.net/ChangeLog-5.php

bugs.php.net/bug.php?id=64830

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

Related for NVD:CVE-2013-4636

openvas2 ubuntucve1 prion1 cvelist1 f52 cve1 debiancve1 nessus3 gentoo1