Lucene search

409 matches found

Tenable Nessus
added 2014/03/28 12:0 a.m. · 37 views

Amazon Linux AMI : php54 (ALAS-2014-313)

A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (C) Tenable Network Security, Inc. The descriptive text and...

5 CVSS · 7.8 AI score · 0.04933 EPSS
Exploits 1 · References 3
Amazon
added 2014/03/24 12:0 a.m. · 55 views

Medium: php54

Issue Overview: A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. Affected Packages: php54 Issue Correction:...

5 CVSS · 8.6 AI score · 0.04933 EPSS
Exploits 1
Slackware Linux
added 2014/03/16 3:31 a.m. · 27 views

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.26-i486-1slack14.1.txz: Upgraded. This update fixes a flaw where a specially crafted data file may cause a segfault or 10...

5 CVSS · 7.6 AI score · 0.04933 EPSS
Exploits 0
seebug.org
added 2014/03/12 12:0 a.m. · 41 views

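PHP Fileinfo Component Out-of-Bounds Memory Corruption Vulnerability

BUGTRAQ ID: 66002 CVECAN ID: CVE-2014-2270 PHP is an HTML-embedded language. The file program in PHP has a memory corruption vulnerability in its implementation when parsing Portable Executable (PE) format files; successful exploitation allows a remote attacker to execute arbitrary code or cause a denial of service. 0 PHP PHP 5.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.php.net/downloads.php...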

4.3 CVSS · 7 AI score · 0.04334 EPSS
Exploits 1
Tenable Nessus
added 2014/03/10 12:0 a.m. · 29 views

PHP 5.5.x < 5.5.10 Multiple Vulnerabilities

Binary data 8154.prm...

5 CVSS · 7 AI score · 0.04933 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2014/03/10 12:0 a.m. · 34 views

Fedora 20 : php-5.5.10-1.fc20 (2014-3534)

Excerpt from upstream NEWS: 06 Mar 2014, PHP 5.5.10 Core : - Fixed Request 66574i Allow multiple paths in phpiniscannedpath. Remi Date : - Fixed bug 45528 Allow the DateTimeZone constructor to accept timezones per offset too. Derick Fileinfo : - Fixed bug 66731 file: infinite recursion...

5 CVSS · 8 AI score · 0.04933 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2014/03/07 12:0 a.m. · 72 views

PHP 5.4.x < 5.4.26 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.26. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the Fileinfo extension and the bundled libmagic library that could allow denial of...

5 CVSS · 8.5 AI score · 0.04933 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2014/03/07 12:0 a.m. · 177 views

PHP 5.5.x < 5.5.10 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.10. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the Fileinfo extension and the bundled libmagic library that could allow denial of...

6.8 CVSS · 8.5 AI score · 0.04933 EPSS
Exploits 2 · References 6
Positive Technologies
added 2014/01/22 12:0 a.m. · 6 views

PT-2014-1947 · Php +5 · Php +5

Name of the Vulnerable Software and Affected Versions: Fileinfo component in PHP versions prior to 5.4.37 Fileinfo component in PHP 5.5.x versions prior to 5.5.21 Fileinfo component in PHP 5.6.x versions prior to 5.6.5 Description: The issue arises from the mconvert function in softmagic.c not...

10 CVSS · 8.5 AI score · 0.53166 EPSS
Exploits 94 · References 420
Oracle linux
added 2013/10/02 12:0 a.m. · 74 views

php53 security, bug fix and enhancement update

5.3.3-21 - add security fix for CVE-2013-4248 5.3.3-20 - add security fix for CVE-2013-4113 5.3.3-19 - add upstream reproducer for errorhandler 951075 5.3.3-18 - add security fixes for CVE-2006-7243 5.3.3-17 - reorder security patches - add security fixes for CVE-2012-2688, CVE-2012-0831,...

10 CVSS · 0.2 AI score · 0.10467 EPSS
Exploits 5
NVD
added 2013/06/21 9:55 p.m. · 24 views

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

4.3 CVSS · 6.5 AI score · 0.01975 EPSS
Exploits 0 · References 2
UbuntuCve
added 2013/06/21 9:55 p.m. · 27 views

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

4.3 CVSS · 5.9 AI score · 0.01975 EPSS
Exploits 0 · References 2
Cvelist
added 2013/06/21 9:0 p.m. · 35 views

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

5.7 AI score · 0.01975 EPSS
Exploits 0 · References 2
CVE
added 2013/06/21 9:0 p.m. · 94 views

CVE-2013-4636

CVE-2013-4636 affects PHP 5.4.x prior to 5.4.16. The vulnerability is in the mget function of libmagic/softmagic.c (Fileinfo) and allows remote denial of service via an MP3 file that triggers incorrect MIME type detection when accessing a finfo object. Impact is DoS (invalid pointer dereference a...

4.3 CVSS · 5.6 AI score · 0.01975 EPSS
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2013/06/21 9:0 p.m. · 44 views

CVE-2013-4636

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...

4.3 CVSS · 6.5 AI score · 0.01975 EPSS
Exploits 0
Packet Storm
added 2010/11/11 12:0 a.m. · 26 views

vBulletin Downloads FileInfo SQL Injection

=========================================== Vbulletin Downloads FileInfo SQL Injection =========================================== +Title : Vbulletin Downloads FileInfo SQL Injection +Software : FileInfo +Vendor : http://www.vbulletin.com +Download : http://www.vbulletin.com/download.php +Author ...

0.6 AI score
Exploits 0
Tenable Nessus
added 2008/06/24 12:0 a.m. · 17 views

Fedora 8 : gallery2-2.2.5-1.fc8 (2008-5479)

Wed Jun 18 2008 John Berninger - 2.2.5-1 - update to upstream 2.2.5 for security vulns - Thu Mar 20 2008 John Berninger - 2.2.4-3 - revert to SVN snapshot so that config-time integrity checks don't fail - remove embedded copy of smarty and use php-Smarty package - Sat Dec 29 2007 John Berninger...

7.5 CVSS · 5.4 AI score · 0.01698 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2008/04/18 12:0 a.m. · 31 views

Fedora 7 : gallery2-2.2.4-3.fc7 (2008-2587)

Thu Mar 20 2008 John Berninger - 2.2.4-3 - revert to SVN snapshot so that config-time integrity checks don't fail - remove embedded copy of smarty and use php-Smarty package - Sat Dec 29 2007 John Berninger 2.2.4-1 - A christmas present -- critical security update to 2.2.4 - Fri Aug 31 2007 John...

7.5 CVSS · 5.4 AI score · 0.01954 EPSS
Exploits 0 · References 3
Prion
added 2007/08/21 9:17 p.m. · 9 views

Buffer overflow

The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2)...

5 CVSS · 7.3 AI score · 0.03478 EPSS
Exploits 1 · References 7 · Affected Software 1
Prion
added 2007/08/21 9:17 p.m. · 12 views

CRLF injection

CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations...

4.3 CVSS · 7.2 AI score · 0.01238 EPSS
Exploits 0 · References 6 · Affected Software 1