CVE-2014-9426

Source: ubuntu.com (UB:CVE-2014-9426)
Date: 2014-12-31 00:00:00

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.008 Low (Percentile: 81.3%)

DISPUTED The apprentice_load function in libmagic/apprentice.c in the
Fileinfo component in PHP through 5.6.4 attempts to perform a free
operation on a stack-based character array, which allows remote attackers
to cause a denial of service (memory corruption or application crash) or
possibly have unspecified other impact via unknown vectors. NOTE: this is
disputed by the vendor because the standard erealloc behavior makes the
free operation unreachable.

Notes

Author: mdeslaur
Note: this CVE has been disputed as it isn’t exploitable.
