|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #67329 fileinfo: NULL pointer deference flaw by processing certain CDF files
Submitted: 2014-05-22 14:31 UTC Modified: 2014-06-27 08:05 UTC
From: Assigned: ab (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.6 OS:
Private report: No CVE-ID: 2014-0236
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
New email:
PHP Version: OS:


 [2014-05-22 14:31 UTC]
CVE-2014-0236: NULL pointer deference flaw by processing certain CDF files with null value in root_storage.This bug has been introduced by:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-22 14:32 UTC]
-CVE-ID: +CVE-ID: 2014-0236
 [2014-06-03 09:40 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: ab
 [2014-06-03 09:40 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

Applied here;a=commitdiff;h=f3f22ff5c697aef854ffc1918bce708b37481b0f
 [2014-06-03 09:41 UTC]
-PHP Version: 5.4.28 +PHP Version: 5.6
 [2014-10-07 02:59 UTC] gbetz at tenable dot com
Does this affect all versions of PHP prior to 5.6.0?

Looking through the Git repos for other versions, this does not appear to be fixed in other versions (e.g. 5.5.x).
 [2014-10-07 06:40 UTC]
PHP 5.5 has libmagic 5.14 while PHP 5.6 has libmagic 5.17. AFAIK, 5.14 isn't affected.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri Dec 09 16:05:53 2022 UTC