|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68735 fileinfo out-of-bounds memory access
Submitted: 2015-01-03 17:48 UTC Modified: 2015-03-19 16:20 UTC
From: Assigned: ab (profile)
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.4.* OS: any
Private report: No CVE-ID: 2014-9652
 [2015-01-03 17:48 UTC]
The bug reported here pulls through all the PHP versions and can cause out-of-bounds read access. The issue was fixed mainstream in libmagic 5.21. I'm going to prepare a patch and suitable test.

See also the related security item in


bug68735.patch (last revision 2015-01-03 18:17 UTC by

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-03 17:48 UTC]
-Assigned To: +Assigned To: ab
 [2015-01-03 18:17 UTC]
The following patch has been added/updated:

Patch Name: bug68735.patch
Revision:   1420309079
 [2015-01-03 18:19 UTC]
The jpg file from the ticket mentioned above should be used.
 [2015-01-03 23:42 UTC]
-PHP Version: Irrelevant +PHP Version: 5.4.*
 [2015-01-03 23:42 UTC]
I guess this should go in all 5.4+ versions. Since the issue seems to be already public, should we commit now?
 [2015-01-04 13:30 UTC]
-Status: Assigned +Status: Closed
 [2015-01-04 13:30 UTC]
Ok, pushed now, it's in ede59c8feb4b80e1b94e4abdaa0711051e2912ab but seems to not to close automatically. Would probably be made open after the release first?
 [2015-01-04 22:06 UTC]
I think if the patch is out we can also open the bug since it has nothing here that's not in the public already.
 [2015-03-19 16:20 UTC]
-CVE-ID: +CVE-ID: 2014-9652
 [2015-03-19 16:20 UTC]
Adding CVE per
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Dec 05 21:05:53 2022 UTC