PHP 5.6.x < 5.6.20 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.20. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...

Internet Bug Bounty: Buffer over-write in finfo_open with malformed magic file.

https://bugs.php.net/bug.php?id=71527 This bug causes a segfault when running with environment variable USEZENDALLOC set to 0, and also when compiled with ASAN with USEZENDALLOC set and unset. To reproduce, run the following PHP file, with the example magic file below. $ cat magic-open.php Magic...

Amazon Linux: Security Advisory (ALAS-2016-698)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-460-1 : file security update

A malformed magic file could trigger a segmentation fault and thus crash applications due to a buffer over-write in the filecheckmem function. For Debian 7 'Wheezy', this problem has been fixed in version 5.11-2+deb7u9. We recommend that you upgrade your file packages. NOTE: Tenable Network...

[SECURITY] [DLA 460-1] file security update

Package : file Version : 5.11-2+deb7u9 CVE ID : CVE-2015-8865 A malformed magic file could trigger a segmentation fault and thus crash applications due to a buffer over-write in the filecheckmem function. For Debian 7 "Wheezy", this problem has been fixed in version 5.11-2+deb7u9. We recommend th...

DLA-460-1 file - security update

Bulletin has no description...

Amazon Linux AMI : php56 / php55 (ALAS-2016-698)

The following security-related issues were resolved : Buffer over-write in finfoopen with malformed magic file CVE-2015-8865 Signedness vulnerability causing heap overflow in libgd CVE-2016-3074 Integer overflow in phprawurlencode CVE-2016-4070 Format string vulnerability in phpsnmperror...

Important: php56, php55

Issue Overview: The following security-related issues were resolved: Buffer over-write in finfoopen with malformed magic file CVE-2015-8865 Signedness vulnerability causing heap overflow in libgd CVE-2016-3074 Integer overflow in phprawurlencode CVE-2016-4070 Format string vulnerability in...

MGASA-2016-0132 Updated file packages fix security vulnerability

The file command was vulnerable to a buffer over-write in with a malformed magic file...

Updated file packages fix security vulnerability

The file command was vulnerable to a buffer over-write in with a malformed magic file...

PHP 5.5.x < 5.5.34 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.34. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...

PHP 5.6.x < 5.6.20 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.20. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...

PHP 7.0.x < 7.0.5 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.5. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...

php -- multiple vulnerabilities

The PHP Group reports: Fileinfo: Fixed bug 71527 Buffer over-write in finfoopen with malformed magic file. mbstring: Fixed bug 71906 AddressSanitizer: negative-size-param -1 in mbflstrcut. Phar: Fixed bug 71860 Invalid memory write in phar on filename with \0 in name. SNMP: Fixed bug 71704...

Heap overflow

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opusdecodefloat function, which allows...

Mandriva Linux Security Advisory : icedtea-web (MDVSA-2012:122)

Multiple vulnerabilities has been discovered and corrected in icedtea-web : An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used,...

Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)

Check for the Version of icedtea-web OpenVAS Vulnerability Test Mandriva Update for icedtea-web MDVSA-2012:122 icedtea-web Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Several vulnerabilities found in IcedTea-Web

The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...