CVE-2014-9652
PHP < 5.4.37 / 5.5.21 / 5.6.5 (file < 5.21) - Denial of Service via mconvert Function in softmagic.c
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.
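As an added illustration (not code from file(1), libmagic or PHP), the following C model shows the Pascal-string truncation that the description refers to. A Pascal string here is a 1-, 2- or 4-byte big-endian length field followed by the string bytes, held in a fixed-size value buffer. The buffer size VALUE_SIZE and all function names are this example's own. The shape of the "unfixed" clamp (reserving one byte for the NUL terminator but ignoring that the copied data starts sz bytes into the buffer) is an assumption based on the description and the linked patch commit, not a quote of the original source; the "fixed" clamp deducts the length-field width so that both the last byte read and the NUL written stay inside the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of libmagic's FILE_PSTRING handling in mconvert()
 * (softmagic.c): the magic value lives in a fixed-size buffer, the first
 * sz bytes (sz = 1, 2 or 4) hold the Pascal length field and the string
 * data follows. Buffer size and names are this example's own, not the
 * file(1) sources. */
#define VALUE_SIZE 64

/* Decode the big-endian length field at the start of buf. */
size_t pstring_get_length(const unsigned char *buf, size_t sz)
{
    size_t len = 0;
    for (size_t i = 0; i < sz; i++)
        len = (len << 8) | buf[i];
    return len;
}

/* Truncation as the unfixed code is assumed to have done it: reserve one
 * byte for the NUL but forget that the data starts sz bytes into the
 * buffer. The copy loop then reads up to sz - 1 bytes past the end. */
size_t clamp_unfixed(size_t len)
{
    return len >= VALUE_SIZE ? VALUE_SIZE - 1 : len;
}

/* Truncation after the fix: deduct the width of the length field too,
 * so the last byte read is VALUE_SIZE - 1 and the NUL lands in bounds. */
size_t clamp_fixed(size_t len, size_t sz)
{
    return len >= VALUE_SIZE ? VALUE_SIZE - sz : len;
}

/* Highest buffer index the in-place copy reads for a given clamped
 * length: the loop reads clamped_len bytes starting at offset sz.
 * Returns 0 when nothing is read. */
size_t last_read_index(size_t clamped_len, size_t sz)
{
    return clamped_len == 0 ? 0 : sz + clamped_len - 1;
}

/* Convert the Pascal string in buf (VALUE_SIZE bytes) to a C string in
 * place using the fixed clamp. Returns the resulting length, or -1 for
 * an invalid length-field width. */
int pstring_convert(unsigned char *buf, size_t sz)
{
    if (sz != 1 && sz != 2 && sz != 4)
        return -1;
    size_t len = clamp_fixed(pstring_get_length(buf, sz), sz);
    memmove(buf, buf + sz, len);   /* reads buf[sz .. sz+len-1], all < VALUE_SIZE */
    buf[len] = '\0';               /* len <= VALUE_SIZE - sz, so in bounds */
    return (int)len;
}

/* Constructed sample: a well-formed 2-byte-length Pascal string "hello".
 * Returns 1 if the conversion yields exactly "hello". */
int demo_wellformed(void)
{
    unsigned char buf[VALUE_SIZE] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    int n = pstring_convert(buf, 2);
    return n == 5 && strcmp((const char *)buf, "hello") == 0;
}

/* Constructed sample: a crafted 2-byte length field claiming 65535 bytes
 * with the buffer otherwise full of 'A'. Returns 1 if the fixed clamp
 * truncates to VALUE_SIZE - 2 bytes and NUL-terminates inside the buffer. */
int demo_crafted(void)
{
    unsigned char buf[VALUE_SIZE];
    memset(buf, 'A', sizeof buf);
    buf[0] = 0xFF;
    buf[1] = 0xFF;
    int n = pstring_convert(buf, 2);
    return n == VALUE_SIZE - 2 && buf[VALUE_SIZE - 2] == '\0'
        && strlen((const char *)buf) == VALUE_SIZE - 2;
}

int main(void)
{
    size_t crafted = 65535;   /* length field of a crafted file */
    for (size_t sz = 1; sz <= 4; sz *= 2)
        printf("sz=%zu: unfixed last read index %zu, fixed last read index %zu (buffer size %d)\n",
               sz, last_read_index(clamp_unfixed(crafted), sz),
               last_read_index(clamp_fixed(crafted, sz), sz), VALUE_SIZE);
    printf("well-formed ok: %d, crafted ok: %d\n", demo_wellformed(), demo_crafted());
    return 0;
}
```

With a 1-byte length field the two clamps behave the same, which is why the defect only shows with the wider length encodings: for sz = 2 or 4 the unfixed clamp makes the copy loop read index VALUE_SIZE or beyond, while the fixed clamp keeps the last read at VALUE_SIZE - 1.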
References (21)
Mailing List, vendor-advisory (x_refsource_hp): http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory, VDB Entry, vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/72505
Mailing List, vendor-advisory (x_refsource_apple): http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Mailing List, vendor-advisory (x_refsource_hp): http://marc.info/?l=bugtraq&m=143748090628601&w=2
Vendor Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Vendor Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Mailing List, vendor-advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html
Patch (x_refsource_confirm): https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
Various Sources (x_refsource_confirm): http://php.net/ChangeLog-5.php
Vendor Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Vendor Advisory (x_refsource_confirm): https://support.apple.com/HT205267
Mailing List, vendor-advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
Various Sources (x_refsource_confirm): https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079
Mailing List, vendor-advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html
Various Sources (x_refsource_confirm): http://bugs.gw.com/view.php?id=398
Third Party Advisory, vendor-advisory (x_refsource_gentoo): https://security.gentoo.org/glsa/201701-42
Mailing List, mailing-list (x_refsource_mlist): http://openwall.com/lists/oss-security/2015/02/05/12
Various Sources (x_refsource_confirm): https://bugs.php.net/bug.php?id=68735
Vendor Advisory, vendor-advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1135.html
Vendor Advisory, vendor-advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1053.html
Vendor Advisory, vendor-advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1066.html
Scores
EPSS: 0.0691 (percentile 91.5%)
Details
CWE: CWE-119
Status: published
Products (28)
file_project/file < 5.20
php/php 5.5.0 (13 CPE variants)
php/php 5.5.1
php/php 5.5.2
php/php 5.5.3
php/php 5.5.4
php/php 5.5.5
php/php 5.5.6
php/php 5.5.7
php/php 5.5.8
... and 18 more
Published: Mar 30, 2015
Tracked since: Feb 18, 2026