php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #68735 fileinfo out-of-bounds memory access
Submitted: 2015-01-03 17:48 UTC Modified: 2015-03-19 16:20 UTC
From: ab@php.net Assigned: ab (profile)
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.4.* OS: any
Private report: No CVE-ID: 2014-9652
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ab@php.net
New email:
PHP Version: OS:

 

 [2015-01-03 17:48 UTC] ab@php.net 
Description:
------------
The bug reported here http://bugs.gw.com/view.php?id=398 pulls through all the PHP versions and can cause out-of-bounds read access. The issue was fixed mainstream https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158 in libmagic 5.21. I'm going to prepare a patch and suitable test.

See also the related security item in https://security-tracker.debian.org/tracker/TEMP-0000000-C482B4

Patches

bug68735.patch (last revision 2015-01-03 18:17 UTC by ab@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-03 17:48 UTC] ab@php.net
-Assigned To: +Assigned To: ab
 [2015-01-03 18:17 UTC] ab@php.net 
The following patch has been added/updated:

Patch Name: bug68735.patch
Revision:   1420309079
URL:        https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079
 [2015-01-03 18:19 UTC] ab@php.net 
The jpg file from the ticket mentioned above http://bugs.gw.com/view.php?id=398 should be used.
 [2015-01-03 23:42 UTC] stas@php.net
-PHP Version: Irrelevant +PHP Version: 5.4.*
 [2015-01-03 23:42 UTC] stas@php.net 
I guess this should go in all 5.4+ versions. Since the issue seems to be already public, should we commit now?
 [2015-01-04 13:30 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2015-01-04 13:30 UTC] ab@php.net 
Ok, pushed now, it's in ede59c8feb4b80e1b94e4abdaa0711051e2912ab but seems to not to close automatically. Would probably be made open after the release first?
 [2015-01-04 22:06 UTC] stas@php.net 
I think if the patch is out we can also open the bug since it has nothing here that's not in the public already.
 [2015-03-19 16:20 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2014-9652
 [2015-03-19 16:20 UTC] kaplan@php.net 
Adding CVE per http://seclists.org/oss-sec/2015/q1/432
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 15:01:30 2024 UTC