CVE-2013-4636
PHP Fileinfo Component - Denial of Service via MP3 MIME Type Detection
Title source: llmDescription
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://bugs.php.net/bug.php?id=64830
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Scores
EPSS
0.0033
EPSS Percentile
55.6%
Details
CWE
CWE-20
Status
published
Products (16)
php/php
5.4.0
php/php
5.4.1
php/php
5.4.2
php/php
5.4.3
php/php
5.4.4
php/php
5.4.5
php/php
5.4.6
php/php
5.4.7
php/php
5.4.8
php/php
5.4.9
... and 6 more
Published
Jun 21, 2013
Tracked Since
Feb 18, 2026