The file_check_mem function in funcs.c in file prior to 5.23, as used in the Fileinfo component in PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5, mishandles continuation-level jumps, which allows context-dependent malicious users to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.6.1 |
||
php php 5.6.0 |
||
php php 5.6.5 |
||
php php 7.0.4 |
||
php php 5.6.12 |
||
php php 5.6.13 |
||
php php 5.6.4 |
||
php php 7.0.3 |
||
php php 5.6.6 |
||
php php 7.0.1 |
||
php php 5.6.18 |
||
php php 5.6.11 |
||
php php 5.6.2 |
||
php php 5.6.10 |
||
php php |
||
php php 5.6.7 |
||
php php 5.6.15 |
||
php php 7.0.2 |
||
php php 5.6.17 |
||
php php 5.6.16 |
||
php php 5.6.9 |
||
php php 5.6.3 |
||
php php 7.0.0 |
||
php php 5.6.8 |
||
php php 5.6.14 |
||
php php 5.6.19 |
||
apple mac os x |