MAL-2025-18735 Malicious code in dragand-fileinfo-plugin (npm)

The package dragand-fileinfo-plugin was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2014-9653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread...

Linux Distros Unpatched Vulnerability : CVE-2014-3710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present...

BIT-PHP-MIN-2022-31627 Heap buffer overflow in finfo_buffer

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfobuffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

Fedora 39 : php (2024-7c800c4df7)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7c800c4df7 advisory. PHP version 8.2.24 26 Sep 2024 CGI: Fixed bug GHSA-p99j-rfp4-xqvq Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8926 nielsdos...

BIT-PHP-2022-31627 Heap buffer overflow in finfo_buffer

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfobuffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

K15272: PHP Vulnerability CVE-2013-4636

Security Advisory Description The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during...

K40306410: PHP vulnerability CVE-2014-0236

Security Advisory Description file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a zero rootstorage value in a CDF file, related to cdf.c and readcdf.c. CVE-2014-0236 Impa...

SUSE CVE-2011-2711

Cross-site scripting XSS vulnerability in the printfileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint...

SUSE CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

SUSE CVE-2014-0236

file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a zero rootstorage value in a CDF file, related to cdf.c and readcdf.c...

SUSE CVE-2014-0237

The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls...

SUSE CVE-2014-0238

The cdfreadpropertyinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service infinite loop or out-of-bounds memory access via a vector that 1 has zero length or 2 is too long...

SUSE CVE-2014-3487

The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...

SUSE CVE-2014-3587

Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a crafted CDF file. NOTE: this vulnerability exists becaus...

SUSE CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...

SUSE CVE-2014-9426

The apprenticeload function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service memory corruption or application crash or possibly have unspecified...

SUSE CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...

SUSE CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...

SUSE CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service application crash or possibly...