php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68735 fileinfo out-of-bounds memory access
Submitted: 2015-01-03 17:48 UTC Modified: 2015-03-19 16:20 UTC
From: ab@php.net Assigned: ab (profile)
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.4.* OS: any
Private report: No CVE-ID: 2014-9652
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
27 - 24 = ?
Subscribe to this entry?

 
 [2015-01-03 17:48 UTC] ab@php.net
Description:
------------
The bug reported here http://bugs.gw.com/view.php?id=398 pulls through all the PHP versions and can cause out-of-bounds read access. The issue was fixed mainstream https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158 in libmagic 5.21. I'm going to prepare a patch and suitable test.

See also the related security item in https://security-tracker.debian.org/tracker/TEMP-0000000-C482B4


Patches

bug68735.patch (last revision 2015-01-03 18:17 UTC by ab@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-03 17:48 UTC] ab@php.net
-Assigned To: +Assigned To: ab
 [2015-01-03 18:17 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: bug68735.patch
Revision:   1420309079
URL:        https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079
 [2015-01-03 18:19 UTC] ab@php.net
The jpg file from the ticket mentioned above http://bugs.gw.com/view.php?id=398 should be used.
 [2015-01-03 23:42 UTC] stas@php.net
-PHP Version: Irrelevant +PHP Version: 5.4.*
 [2015-01-03 23:42 UTC] stas@php.net
I guess this should go in all 5.4+ versions. Since the issue seems to be already public, should we commit now?
 [2015-01-04 13:30 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2015-01-04 13:30 UTC] ab@php.net
Ok, pushed now, it's in ede59c8feb4b80e1b94e4abdaa0711051e2912ab but seems to not to close automatically. Would probably be made open after the release first?
 [2015-01-04 22:06 UTC] stas@php.net
I think if the patch is out we can also open the bug since it has nothing here that's not in the public already.
 [2015-03-19 16:20 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2014-9652
 [2015-03-19 16:20 UTC] kaplan@php.net
Adding CVE per http://seclists.org/oss-sec/2015/q1/432
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 21:01:27 2024 UTC