409 matches found
PHP libmagick 'libmagic/softmagic.c' denial of service vulnerability (CNVD-2015-03965)
PHP is a general-purpose scripting language. A security vulnerability in the handling of constructed files by the PHP Fileinfo extension allows remote attackers to exploit the vulnerability to crash the PHP process, resulting in a denial of service...
CVE-2015-4605
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service application crash or possibly execute...
UBUNTU-CVE-2015-4604
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service application crash or possibly...
file: out of bounds read in mconvert()
An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility for example, PHP using the fileinfo module to crash if it was used to identify the type of the attacker-supplied file...
php: denial of service when processing a crafted file with Fileinfo
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service application crash or possibly...
Fedora 20 : php-5.5.24-1.fc20 (2015-6399)
16 Apr 2015, PHP 5.5.24 Apache2handler : - Fixed bug 69218 potential remote code execution with apache 2.4 apache2handler. Gerrit Venema Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 67626 User exceptions not properly handled in streams...
Fedora 21 : php-5.6.8-1.fc21 (2015-6407)
16 Apr 2015, PHP 5.6.8 Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 68021 getbrowser browsernameregex returns non-utf-8 characters. Tjerk - Fixed bug 68917 parseurl fails on some partial urls. Wei Dai - Fixed bug 69134 Per Directory...
DEBIAN-CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...
DEBIAN-CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
Out-of-bounds
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...
UBUNTU-CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...
Debian DLA-145-1 : php5 security update
Brief introduction CVE-2014-0237 The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls. CVE-2014-0238 The cdfreadpropertyinf...
Debian DLA-18-1 : php5 security update
CVE-2014-3515: fix unserialize SPL ArrayObject / SPLObjectStorage Type Confusion CVE-2014-0207: fileinfo: cdfreadshortsector insufficient boundary check CVE-2014-3480: fileinfo: cdfcountchain insufficient boundary check CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP befor...
USN-2535-1 php5 vulnerabilities
Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-8117 S. Paraschoudis discovered that PHP incorrectly handled memory in...
USN-2535-1: PHP vulnerabilities
Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-8117 S. Paraschoudis discovered that PHP incorrectly handled memory in...
PT-2015-1245 · Php +6 · Php +6
Name of the Vulnerable Software and Affected Versions: file versions prior to 5.22 PHP versions prior to 5.4.37 PHP versions 5.5.x prior to 5.5.21 PHP versions 5.6.x prior to 5.6.5 Description: The issue is related to the readelf.c module in the file component, specifically in the Fileinfo...
PHP 5.4.x < 5.4.37 / 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple Vulnerabilities
Binary data 8615.prm...