Lumension® Endpoint Intelligence Center



Vulnerability Score 7.5
CVE Id CVE-2014-9426
Last Modified 16 Mar 2015 10:01:21
Published 30 Dec 2014 09:59:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable.

Vulnerable Systems


  • PHP 5.6.4



CONFIRM -;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191

CONFIRM -;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09

SUSE - openSUSE-SU-2015:0325

Last Updated: 27 May 2016 11:08:06