Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-9426
Last Modified: 16 Mar 2015 10:01:21
Published: 30 Dec 2014 09:59:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9426

Summary

** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable.

Vulnerable Systems

Application

  • PHP 5.6.4


References

CONFIRM - https://bugs.php.net/bug.php?id=68665

CONFIRM - http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191

CONFIRM - http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09

SUSE - openSUSE-SU-2015:0325


Last Updated: 27 May 2016 11:08:06