The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable
References
Configurations
History
07 Nov 2023, 02:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable |
Information
Published : 2014-12-31 02:59
Updated : 2024-08-06 14:15
NVD link : CVE-2014-9426
Mitre link : CVE-2014-9426
CVE.ORG link : CVE-2014-9426
JSON object : View
Products Affected
php
- php
CWE
CWE-17
DEPRECATED: Code