CVE-2014-9652 (retired)

Priority
Description
The mconvert function in softmagic.c in file before 5.21, as used in the
Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x
before 5.6.5, does not properly handle a certain string-length field during
a copy of a truncated version of a Pascal string, which might allow remote
attackers to cause a denial of service (out-of-bounds memory access and
application crash) via a crafted file.
Assigned-to
mdeslaur
Package
Source: file (LP Ubuntu Debian)
Upstream:released (1:5.21+15-1)
Patches:
Upstream:https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
Package
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.6.5+dfsg-1)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=ede59c8feb4b80e1b94e4abdaa0711051e2912ab
More Information

Updated: 2019-09-19 15:51:31 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)