Your submission was sent successfully! Close

CVE-2014-9426

Published: 31 December 2014

** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable.

Notes

AuthorNote
mdeslaur
this CVE has been disputed as it isn't exploitable.
Priority

Medium

Status

Package Release Status
file
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

utopic Not vulnerable

vivid Not vulnerable

php5
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

utopic Not vulnerable

vivid Not vulnerable