CVE-2014-9652

critical

Description

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

References

https://support.apple.com/HT205267

https://security.gentoo.org/glsa/201701-42

https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158

https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079

https://bugs.php.net/bug.php?id=68735

http://www.securityfocus.com/bid/72505

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://rhn.redhat.com/errata/RHSA-2015-1135.html

http://rhn.redhat.com/errata/RHSA-2015-1066.html

http://rhn.redhat.com/errata/RHSA-2015-1053.html

http://php.net/ChangeLog-5.php

http://openwall.com/lists/oss-security/2015/02/05/12

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

http://bugs.gw.com/view.php?id=398

Details

Source: Mitre, NVD

Published: 2015-03-30

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical