CVE-2014-3478

Priority
Description
Buffer overflow in the mconvert function in softmagic.c in file before
5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x
before 5.5.14, allows remote attackers to cause a denial of service
(application crash) via a crafted Pascal string in a FILE_PSTRING
conversion.
Assigned-to
mdeslaur
Notes
mdeslaurphp in precise and earlier doesn't look vulnerable
file in lucid doesn't look vulnerable
Package
Source: file (LP Ubuntu Debian)
Upstream:released (1:5.19-1)
Ubuntu 14.04 ESM (Trusty Tahr):released (1:5.14-2ubuntu3.1)
Patches:
Upstream:https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
Package
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.6.0~rc1+dfsg-1)
Ubuntu 14.04 ESM (Trusty Tahr):released (5.5.9+dfsg-1ubuntu4.3)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=e77659a8c87272e5061738a31430d2111482c426
More Information

Updated: 2019-12-05 18:37:27 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)