|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68735 fileinfo out-of-bounds memory access
Submitted: 2015-01-03 17:48 UTC Modified: 2015-03-19 16:20 UTC
From: Assigned: ab (profile)
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.4.* OS: any
Private report: No CVE-ID: 2014-9652
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
6 + 43 = ?
Subscribe to this entry?

 [2015-01-03 17:48 UTC]
The bug reported here pulls through all the PHP versions and can cause out-of-bounds read access. The issue was fixed mainstream in libmagic 5.21. I'm going to prepare a patch and suitable test.

See also the related security item in


bug68735.patch (last revision 2015-01-03 18:17 UTC by

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-03 17:48 UTC]
-Assigned To: +Assigned To: ab
 [2015-01-03 18:17 UTC]
The following patch has been added/updated:

Patch Name: bug68735.patch
Revision:   1420309079
 [2015-01-03 18:19 UTC]
The jpg file from the ticket mentioned above should be used.
 [2015-01-03 23:42 UTC]
-PHP Version: Irrelevant +PHP Version: 5.4.*
 [2015-01-03 23:42 UTC]
I guess this should go in all 5.4+ versions. Since the issue seems to be already public, should we commit now?
 [2015-01-04 13:30 UTC]
-Status: Assigned +Status: Closed
 [2015-01-04 13:30 UTC]
Ok, pushed now, it's in ede59c8feb4b80e1b94e4abdaa0711051e2912ab but seems to not to close automatically. Would probably be made open after the release first?
 [2015-01-04 22:06 UTC]
I think if the patch is out we can also open the bug since it has nothing here that's not in the public already.
 [2015-03-19 16:20 UTC]
-CVE-ID: +CVE-ID: 2014-9652
 [2015-03-19 16:20 UTC]
Adding CVE per
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Apr 12 15:01:30 2024 UTC