
89 matches found

NVD
added 2015/03/30 10:59 a.m. · 19 views

CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...

5 CVSS · 6.7 AI score · 0.05489 EPSS
Exploits 0 · References 21

Prion
added 2015/03/30 10:59 a.m. · 30 views

Out-of-bounds

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...

5 CVSS · 6.9 AI score · 0.05489 EPSS
Exploits 0 · References 21 · Affected Software 2

Debian CVE
added 2015/03/30 10:0 a.m. · 39 views

CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memor...

7.5 CVSS · 7 AI score · 0.04681 EPSS
Exploits 0

OSV
added 2015/03/30 12:0 a.m. · 0 views

UBUNTU-CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memor...

7.5 CVSS · 7.2 AI score · 0.04681 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2015/03/26 12:0 a.m. · 46 views

Debian DLA-145-1 : php5 security update

Brief introduction CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0238 The cdf_read_property_inf...

6.5 CVSS · 7.8 AI score · 0.20805 EPSS
Exploits 2 · References 6

Positive Technologies
added 2015/03/18 12:0 a.m. · 2 views

PT-2015-1245 · Php +6

Name of the Vulnerable Software and Affected Versions: file versions prior to 5.22 PHP versions prior to 5.4.37 PHP versions 5.5.x prior to 5.5.21 PHP versions 5.6.x prior to 5.6.5 Description: The issue is related to the readelf.c module in the file component, specifically in the Fileinfo...

7.8 CVSS · 7.8 AI score · 0.20805 EPSS
Exploits 6 · References 136

OSV
added 2015/01/08 12:0 a.m. · 1 views

UBUNTU-CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...

5 CVSS · 7.3 AI score · 0.05489 EPSS
Exploits 0 · References 3

CNVD
added 2015/01/08 12:0 a.m. · 2 views

PHP Fileinfo component denial of service vulnerability

Fileinfo component is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. Fileinfo is one of the components used to display file attributes and support batch modification of its attributes. A denial of service vulnerability in the...

7.5 CVSS · 6.7 AI score · 0.02135 EPSS
Exploits 0 · References 1

OpenVAS
added 2015/01/07 12:0 a.m. · 30 views

PHP < 5.6.5 Multiple Vulnerabilities (Jan 2015)

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description...

7.5 CVSS · 9.3 AI score · 0.02135 EPSS
Exploits 0 · References 2

NVD
added 2014/12/31 2:59 a.m. · 30 views

CVE-2014-9426

The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified...

7.5 CVSS · 7.7 AI score · 0.02135 EPSS
Exploits 0 · References 4

Positive Technologies
added 2014/12/31 12:0 a.m. · 6 views

PT-2014-2042 · Php

Name of the Vulnerable Software and Affected Versions: PHP versions through 5.6.4 Description: The issue is related to errors in the code of the apprentice load function in the Fileinfo component. Exploitation of this issue may allow a remote attacker to cause a denial of service, such as memory...

10 CVSS · 8 AI score · 0.99998 EPSS
Exploits 266 · References 129

CVE
added 2014/11/05 11:0 a.m. · 246 views

CVE-2014-3710

CVE-2014-3710 affects the Fileinfo extension used by PHP (via the file command parser) in ELF file handling. The vulnerability lies in readelf.c (up to PHP 5.4.34 and fileinfo up to 5.20) where insufficient ELF note-header validation can enable a crafted ELF file to trigger an out-of-bounds read ...

5 CVSS · 7.1 AI score · 0.13757 EPSS
Exploits 0 · References 33 · Affected Software 1

Debian CVE
added 2014/11/05 11:0 a.m. · 32 views

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file...

5 CVSS · 8.2 AI score · 0.13757 EPSS
Exploits 0

Tenable Nessus
added 2014/10/12 12:0 a.m. · 27 views

Amazon Linux AMI : php55 (ALAS-2014-362)

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the Fileinfo component i...

5 CVSS · 7.9 AI score · 0.20805 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2014/10/12 12:0 a.m. · 27 views

Amazon Linux AMI : php54 (ALAS-2014-361)

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the Fileinfo component i...

5 CVSS · 7.9 AI score · 0.20805 EPSS
Exploits 0 · References 3

OSV
added 2014/08/23 1:55 a.m. · 1 views

DEBIAN-CVE-2014-3587

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists becaus...

4.3 CVSS · 7.1 AI score · 0.20237 EPSS
Exploits 1 · References 1

OSV
added 2014/08/23 1:55 a.m. · 5 views

CVE-2014-3587

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists becaus...

4.3 CVSS · 7.6 AI score · 0.20237 EPSS
Exploits 1 · References 26

Cvelist
added 2014/08/23 1:0 a.m. · 35 views

CVE-2014-3587

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists becaus...

8.3 AI score · 0.20237 EPSS
Exploits 1 · References 23

CVE
added 2014/08/23 1:0 a.m. · 307 views

CVE-2014-3587

CVE-2014-3587 is a DoS vulnerability in the FileInfo CDF parser. An integer overflow in cdf_read_property_info (cdf.c) affects PHP’s Fileinfo usage up to PHP 5.4.32 and 5.5.x up to 5.5.16, allowing remote attackers to crash the application via a crafted CDF file. Affected component: the file comm...

4.3 CVSS · 8.5 AI score · 0.20237 EPSS
Exploits 1 · References 23 · Affected Software 2

OSV
added 2014/07/09 11:7 a.m. · 2 views

DEBIAN-CVE-2014-3487

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file...

4.3 CVSS · 6.8 AI score · 0.14927 EPSS
Exploits 0 · References 1