Candidate: CVE-2013-4636
PublicDate: 2013-06-21 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4636
 http://www.php.net/ChangeLog-5.php
Description:
 The mget function in libmagic/softmagic.c in the Fileinfo component in PHP
 5.4.x before 5.4.16 allows remote attackers to cause a denial of service
 (invalid pointer dereference and application crash) via an MP3 file that
 triggers incorrect MIME type detection during access to an finfo object.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.php.net/bug.php?id=64830
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_php5:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=74555e7c26b2c61bb8e67b7d6a6f4d2b8eb3a5f3
upstream_php5: released (5.5.0)
lucid_php5: not-affected (5.3.2-1ubuntu4.19)
precise_php5: not-affected (5.3.10-1ubuntu3.6)
quantal_php5: not-affected (5.4.6-1ubuntu1.2)
raring_php5: not-affected (5.4.9-4ubuntu2.1)
devel_php5: released (5.4.15-1ubuntu3)