CVE-2014-9652

Sažetak

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

Reference

http://bugs.gw.com/view.php?id=398
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://openwall.com/lists/oss-security/2015/02/05/12
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1053.html
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/72505
https://bugs.php.net/bug.php?id=68735
https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079
https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
https://security.gentoo.org/glsa/201701-42
https://support.apple.com/HT205267

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

01-07-2017 - 01:29

Objavljeno

30-03-2015 - 10:59