|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #67329 fileinfo: NULL pointer deference flaw by processing certain CDF files
Submitted: 2014-05-22 14:31 UTC Modified: 2014-06-27 08:05 UTC
From: Assigned: ab (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.6 OS:
Private report: No CVE-ID: 2014-0236
 [2014-05-22 14:31 UTC]
CVE-2014-0236: NULL pointer deference flaw by processing certain CDF files with null value in root_storage.This bug has been introduced by:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-22 14:32 UTC]
-CVE-ID: +CVE-ID: 2014-0236
 [2014-06-03 09:40 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: ab
 [2014-06-03 09:40 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

Applied here;a=commitdiff;h=f3f22ff5c697aef854ffc1918bce708b37481b0f
 [2014-06-03 09:41 UTC]
-PHP Version: 5.4.28 +PHP Version: 5.6
 [2014-10-07 02:59 UTC] gbetz at tenable dot com
Does this affect all versions of PHP prior to 5.6.0?

Looking through the Git repos for other versions, this does not appear to be fixed in other versions (e.g. 5.5.x).
 [2014-10-07 06:40 UTC]
PHP 5.5 has libmagic 5.14 while PHP 5.6 has libmagic 5.17. AFAIK, 5.14 isn't affected.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Apr 17 13:02:26 2024 UTC