CVE-2014-3478: Buffer Overflow
First published: Wed Jul 09 2014(Updated: )
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Christos Zoulas file | <=5.18 | |
| Christos Zoulas file | =5.00 | |
| Christos Zoulas file | =5.01 | |
| Christos Zoulas file | =5.02 | |
| Christos Zoulas file | =5.03 | |
| Christos Zoulas file | =5.04 | |
| Christos Zoulas file | =5.05 | |
| Christos Zoulas file | =5.06 | |
| Christos Zoulas file | =5.07 | |
| Christos Zoulas file | =5.08 | |
| Christos Zoulas file | =5.09 | |
| Christos Zoulas file | =5.10 | |
| Christos Zoulas file | =5.11 | |
| Christos Zoulas file | =5.12 | |
| Christos Zoulas file | =5.13 | |
| Christos Zoulas file | =5.14 | |
| Christos Zoulas file | =5.15 | |
| Christos Zoulas file | =5.16 | |
| Christos Zoulas file | =5.17 | |
| PHP PHP | <=5.4.29 | |
| PHP PHP | =5.4.0 | |
| PHP PHP | =5.4.1 | |
| PHP PHP | =5.4.2 | |
| PHP PHP | =5.4.3 | |
| PHP PHP | =5.4.4 | |
| PHP PHP | =5.4.5 | |
| PHP PHP | =5.4.6 | |
| PHP PHP | =5.4.7 | |
| PHP PHP | =5.4.8 | |
| PHP PHP | =5.4.9 | |
| PHP PHP | =5.4.10 | |
| PHP PHP | =5.4.11 | |
| PHP PHP | =5.4.12 | |
| PHP PHP | =5.4.12-rc1 | |
| PHP PHP | =5.4.12-rc2 | |
| PHP PHP | =5.4.13 | |
| PHP PHP | =5.4.13-rc1 | |
| PHP PHP | =5.4.14 | |
| PHP PHP | =5.4.14-rc1 | |
| PHP PHP | =5.4.15-rc1 | |
| PHP PHP | =5.4.16-rc1 | |
| PHP PHP | =5.4.17 | |
| PHP PHP | =5.4.18 | |
| PHP PHP | =5.4.19 | |
| PHP PHP | =5.4.20 | |
| PHP PHP | =5.4.21 | |
| PHP PHP | =5.4.22 | |
| PHP PHP | =5.4.23 | |
| PHP PHP | =5.4.24 | |
| PHP PHP | =5.4.25 | |
| PHP PHP | =5.4.26 | |
| PHP PHP | =5.4.27 | |
| PHP PHP | =5.4.28 | |
| PHP PHP | =5.5.0 | |
| PHP PHP | =5.5.0-alpha1 | |
| PHP PHP | =5.5.0-alpha2 | |
| PHP PHP | =5.5.0-alpha3 | |
| PHP PHP | =5.5.0-alpha4 | |
| PHP PHP | =5.5.0-alpha5 | |
| PHP PHP | =5.5.0-alpha6 | |
| PHP PHP | =5.5.0-beta1 | |
| PHP PHP | =5.5.0-beta2 | |
| PHP PHP | =5.5.0-beta3 | |
| PHP PHP | =5.5.0-beta4 | |
| PHP PHP | =5.5.0-rc1 | |
| PHP PHP | =5.5.0-rc2 | |
| PHP PHP | =5.5.1 | |
| PHP PHP | =5.5.2 | |
| PHP PHP | =5.5.3 | |
| PHP PHP | =5.5.4 | |
| PHP PHP | =5.5.5 | |
| PHP PHP | =5.5.6 | |
| PHP PHP | =5.5.7 | |
| PHP PHP | =5.5.8 | |
| PHP PHP | =5.5.9 | |
| PHP PHP | =5.5.10 | |
| PHP PHP | =5.5.11 | |
| PHP PHP | =5.5.12 | |
| PHP PHP | =5.5.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
- http://marc.info/?l=bugtraq&m=141017844705317&w=2
- http://mx.gw.com/pipermail/file/2014/001553.html
- http://rhn.redhat.com/errata/RHSA-2014-1327.html
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://secunia.com/advisories/59794
- http://secunia.com/advisories/59831
- http://support.apple.com/kb/HT6443
- http://www.debian.org/security/2014/dsa-2974
- http://www.debian.org/security/2014/dsa-3021
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.php.net/ChangeLog-5.php
- http://www.securityfocus.com/bid/68239
- https://bugs.php.net/bug.php?id=67410
- https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
- https://support.apple.com/HT204659
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/event
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/christos zoulas
- canonical/christos zoulas file
- version/christos zoulas file/5.18
- version/christos zoulas file/5.00
- version/christos zoulas file/5.01
- version/christos zoulas file/5.02
- version/christos zoulas file/5.03
- version/christos zoulas file/5.04
- version/christos zoulas file/5.05
- version/christos zoulas file/5.06
- version/christos zoulas file/5.07
- version/christos zoulas file/5.08
- version/christos zoulas file/5.09
- version/christos zoulas file/5.10
- version/christos zoulas file/5.11
- version/christos zoulas file/5.12
- version/christos zoulas file/5.13
- version/christos zoulas file/5.14
- version/christos zoulas file/5.15
- version/christos zoulas file/5.16
- version/christos zoulas file/5.17
- vendor/php
- canonical/php php
- version/php php/5.4.29
- version/php php/5.4.0
- version/php php/5.4.1
- version/php php/5.4.2
- version/php php/5.4.3
- version/php php/5.4.4
- version/php php/5.4.5
- version/php php/5.4.6
- version/php php/5.4.7
- version/php php/5.4.8
- version/php php/5.4.9
- version/php php/5.4.10
- version/php php/5.4.11
- version/php php/5.4.12
- version/php php/5.4.12-rc1
- version/php php/5.4.12-rc2
- version/php php/5.4.13
- version/php php/5.4.13-rc1
- version/php php/5.4.14
- version/php php/5.4.14-rc1
- version/php php/5.4.15-rc1
- version/php php/5.4.16-rc1
- version/php php/5.4.17
- version/php php/5.4.18
- version/php php/5.4.19
- version/php php/5.4.20
- version/php php/5.4.21
- version/php php/5.4.22
- version/php php/5.4.23
- version/php php/5.4.24
- version/php php/5.4.25
- version/php php/5.4.26
- version/php php/5.4.27
- version/php php/5.4.28
- version/php php/5.5.0
- version/php php/5.5.0-alpha1
- version/php php/5.5.0-alpha2
- version/php php/5.5.0-alpha3
- version/php php/5.5.0-alpha4
- version/php php/5.5.0-alpha5
- version/php php/5.5.0-alpha6
- version/php php/5.5.0-beta1
- version/php php/5.5.0-beta2
- version/php php/5.5.0-beta3
- version/php php/5.5.0-beta4
- version/php php/5.5.0-rc1
- version/php php/5.5.0-rc2
- version/php php/5.5.1
- version/php php/5.5.2
- version/php php/5.5.3
- version/php php/5.5.4
- version/php php/5.5.5
- version/php php/5.5.6
- version/php php/5.5.7
- version/php php/5.5.8
- version/php php/5.5.9
- version/php php/5.5.10
- version/php php/5.5.11
- version/php php/5.5.12
- version/php php/5.5.13