php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68735 fileinfo out-of-bounds memory access
Submitted: 2015-01-03 17:48 UTC Modified: 2015-03-19 16:20 UTC
From: ab@php.net Assigned: ab (profile)
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.4.* OS: any
Private report: No CVE-ID: 2014-9652
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ab@php.net
New email:
PHP Version: OS:

 

 [2015-01-03 17:48 UTC] ab@php.net
Description:
------------
The bug reported here http://bugs.gw.com/view.php?id=398 pulls through all the PHP versions and can cause out-of-bounds read access. The issue was fixed mainstream https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158 in libmagic 5.21. I'm going to prepare a patch and suitable test.

See also the related security item in https://security-tracker.debian.org/tracker/TEMP-0000000-C482B4


Patches

bug68735.patch (last revision 2015-01-03 18:17 UTC by ab@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-03 17:48 UTC] ab@php.net
-Assigned To: +Assigned To: ab
 [2015-01-03 18:17 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: bug68735.patch
Revision:   1420309079
URL:        https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079
 [2015-01-03 18:19 UTC] ab@php.net
The jpg file from the ticket mentioned above http://bugs.gw.com/view.php?id=398 should be used.
 [2015-01-03 23:42 UTC] stas@php.net
-PHP Version: Irrelevant +PHP Version: 5.4.*
 [2015-01-03 23:42 UTC] stas@php.net
I guess this should go in all 5.4+ versions. Since the issue seems to be already public, should we commit now?
 [2015-01-04 13:30 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2015-01-04 13:30 UTC] ab@php.net
Ok, pushed now, it's in ede59c8feb4b80e1b94e4abdaa0711051e2912ab but seems to not to close automatically. Would probably be made open after the release first?
 [2015-01-04 22:06 UTC] stas@php.net
I think if the patch is out we can also open the bug since it has nothing here that's not in the public already.
 [2015-03-19 16:20 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2014-9652
 [2015-03-19 16:20 UTC] kaplan@php.net
Adding CVE per http://seclists.org/oss-sec/2015/q1/432
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 13 08:01:36 2024 UTC