30 matches found
EUVD-2014-3487
Malicious code in bioql PyPI...
SUSE CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
SUSE CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
SUSE: Security Advisory (SUSE-SU-2015:0436-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists through a buffer overflow issue in the mconvert function in softmagic.c, where parsing a Pascal string in a FILEPSTRING conversion would cause a DoS attack...
The vulnerability of the PHP interpreter allows a remote attacker to gain access to memory areas beyond the application’s boundaries, or cause the application to terminate abnormally.
The vulnerability of the PHP interpreter in the mconvert function located in the Fileinfo component’s script, softmagic.c causes an error in the pointer to the field that stores the length of the string under certain copy scenarios. As a result, a malicious actor can gain access to memory areas...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
Overfilling the buffer in the mconvert function in softmagic.c, within the Fileinfo component for PHP, allows malicious individuals operating remotely to cause a service failure abrupt termination of the application, by using specially crafted strings in the FILEPSTRING transformations...
file: out of bounds read in mconvert()
An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility for example, PHP using the fileinfo module to crash if it was used to identify the type of the attacker-supplied file...
file: out of bounds read in mconvert()
An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility for example, PHP using the fileinfo module to crash if it was used to identify the type of the attacker-supplied file...
file: out of bounds read in mconvert()
An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility for example, PHP using the fileinfo module to crash if it was used to identify the type of the attacker-supplied file...
file: out of bounds read in mconvert()
An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility for example, PHP using the fileinfo module to crash if it was used to identify the type of the attacker-supplied file...
Out-of-bounds
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
CVE-2014-9652
CVE-2014-9652 affects the Fileinfo component’s mconvert path (softmagic.c) used by PHP’s fileinfo. The vulnerability arises from improper handling of a string-length field when copying a truncated Pascal string, potentially allowing a remote attacker to cause a denial of service via out-of-bounds...
openSUSE Security Update : php5 (openSUSE-2015-203)
php5 was updated to fix two security issues. These security issues were fixed : - CVE-2014-9652: Out of bounds read in mconvert bnc917150. - CVE-2015-0273: Use after free vulnerability in unserialize with DateTimeZone bnc918768. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
Security update for php5 (important)
php5 was updated to fix two security issues. These security issues were fixed: - CVE-2014-9652: Out of bounds read in mconvert bnc917150. - CVE-2015-0273: Use after free vulnerability in unserialize with DateTimeZone bnc918768...
UBUNTU-CVE-2014-9652
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote...
Amazon Linux AMI : file (ALAS-2014-382)
A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in...
DEBIAN-CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...
CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...