~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2015-01-08
Candidate: CVE-2014-9652
PublicDate: 2015-03-30
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
 http://www.ubuntu.com/usn/usn-2501-1
Description:
 The mconvert function in softmagic.c in file before 5.21, as used in the
 Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x
 before 5.6.5, does not properly handle a certain string-length field during
 a copy of a truncated version of a Pascal string, which might allow remote
 attackers to cause a denial of service (out-of-bounds memory access and
 application crash) via a crafted file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.gw.com/view.php?id=398
 https://bugs.php.net/bug.php?id=68735
Priority: low
Discovered-by:
Assigned-to: mdeslaur

Patches_php5:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=ede59c8feb4b80e1b94e4abdaa0711051e2912ab
upstream_php5: released (5.6.5+dfsg-1)
lucid_php5: not-affected (relevant code similar to lucid's file)
precise_php5: not-affected (relevant code similar to lucid's file)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.6)
utopic_php5: released (5.5.12+dfsg-2ubuntu4.2)
devel_php5: released (5.6.4+dfsg-4ubuntu2)

Patches_file:
 upstream: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
upstream_file: released (1:5.21+15-1)
lucid_file: not-affected (verified with valgrind)
precise_file: released (5.09-2ubuntu0.6)
trusty_file: released (1:5.14-2ubuntu3.3)
utopic_file: released (1:5.19-1ubuntu1.2)
devel_file: released (1:5.20-1ubuntu2)