Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2501-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2501-1 advisory. Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a...
USN-2501-1 php5 vulnerabilities
Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8142, CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component...
Fedora 20 : php-5.5.21-1.fc20 (2015-1101)
22 Jan 2014, PHP 5.5.21 Core: - Upgraded crypt_blowfish to version 1.3. (Leigh) - Fixed bug 60704 (unlink bug with some files path). - Fixed bug 65419 (Inside trait, self::class != __CLASS__). (Julien) - Fixed bug 65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com) -...
CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
PHP Fileinfo component denial of service vulnerability
Fileinfo component is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. Fileinfo is one of the components used to display file attributes and support batch modification of its attributes. A denial of service vulnerability in the...
UBUNTU-CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
PHP < 5.6.5 Multiple Vulnerabilities (Jan 2015)
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
CVE-2014-9426
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified...
CVE-2014-9426
CVE-2014-9426 details (normal mode) Affected: PHP up to 5.6.4, specifically the Fileinfo component’s apprentice_load function in libmagic/apprentice.c. Root cause: free operation on a stack-based character array in apprentice_load, which can lead to memory corruption or application crash (denial o...
PT-2014-2042 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions through 5.6.4 Description: The issue is related to errors in the code of the apprentice load function in the Fileinfo component. Exploitation of this issue may allow a remote attacker to cause a denial of service, such as memory...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.36-i486-1slack14.1.txz: Upgraded. This update fixes bugs and security issues. 68545 NULL pointer dereference in...
Amazon Linux AMI : php55 (ALAS-2014-451)
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (C) Tenable Network Security, Inc. The descripti...
Medium: php54
Issue Overview: An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. Affected Packages: php54 Issue...
Medium: file
Issue Overview: An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. Affected Packages: file Issue...
php: denial of service
An out-of-bounds read flaw was found in the way the file information (fileinfo) extension parsed executable and linkable format (ELF) files...
PHP Fileinfo cdf_read_property_info Denial of Service - ver 2 (CVE-2014-3587)
A denial of service vulnerability exists in PHP. It is due to an integer overflow error in the FileInfo module while processing CDF files. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP...
CVE-2014-3710
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file...
CVE-2014-3710
CVE-2014-3710 affects the Fileinfo extension used by PHP (via the file command parser) in ELF file handling. The vulnerability lies in readelf.c (up to PHP 5.4.34 and fileinfo up to 5.20) where insufficient ELF note-header validation can enable a crafted ELF file to trigger an out-of-bounds read ...