Bug 1104863 (CVE-2014-3478) - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
Summary: CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
Status: CLOSED ERRATA
Alias: CVE-2014-3478
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20140627,repor...
Keywords: Security
Depends On: 1114448 1114450 1140026 1140027 1149768 1149774 1238984 1238985
Blocks: 1065838 1101912 1104865 1149858 1210268
TreeView+ depends on / blocked
 
Reported: 2014-06-04 20:48 UTC by Francisco Alonso
Modified: 2019-06-11 11:13 UTC (History)
4 users (show)

(edit)
A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.
Clone Of:
(edit)
Last Closed: 2019-06-08 02:33:17 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1327 normal SHIPPED_LIVE Moderate: php security update 2014-09-30 13:09:42 UTC
PHP Bug Tracker 67410 None None None Never
Red Hat Product Errata RHSA-2014:1765 normal SHIPPED_LIVE Important: php54-php security update 2014-10-30 23:45:24 UTC
Red Hat Product Errata RHSA-2014:1766 normal SHIPPED_LIVE Important: php55-php security update 2014-10-30 23:45:12 UTC
Red Hat Product Errata RHSA-2015:2155 normal SHIPPED_LIVE Moderate: file security and bug fix update 2015-11-19 08:39:11 UTC

Description Francisco Alonso 2014-06-04 20:48:14 UTC
A flaw was found in the way file compute the truncated pascal string size in mconvert() function. 

Upstream commit:
https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08


Acknowledgment:

This issue was discovered by Francisco Alonso of Red Hat Product Security.

Comment 3 Francisco Alonso 2014-06-30 06:19:43 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1114450]

Comment 4 Francisco Alonso 2014-06-30 06:19:46 UTC
Created file tracking bugs for this issue:

Affects: fedora-all [bug 1114448]

Comment 7 Fedora Update System 2014-07-05 14:53:46 UTC
file-5.19-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Murray McAllister 2014-07-08 04:56:38 UTC
Statement:

This issue did not affect the versions of file, php, and php53 as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 12 Martin Prpič 2014-09-25 12:12:26 UTC
IssueDescription:

A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.

Comment 13 errata-xmlrpc 2014-09-30 09:10:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1327 https://rhn.redhat.com/errata/RHSA-2014-1327.html

Comment 16 errata-xmlrpc 2014-10-30 19:46:14 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html

Comment 17 errata-xmlrpc 2014-10-30 19:47:45 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html

Comment 21 errata-xmlrpc 2015-11-19 08:09:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html


Note You need to log in before you can comment on or make changes to this bug.