A flaw was found in the way file uses cdf_read_property_info function when checks stream offsets for certain Composite Document Format (CDF).An insufficient input validation flaw for p and q minimal and maximal value, leads to a pointer overflow.This issue only affects 32bit systems. 771 cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h .. 835 q = (const uint8_t *)(const void *) 836 ((const char *)(const void *)p + ofs 837 - 2 * sizeof(uint32_t)); 838 if (q > e) { 839 DPRINTF(("Ran of the end %p > %p\n", q, e)); 840 goto out; 841 } Upstream commit: https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233
This issue is public: http://lwn.net/Vulnerabilities/609180/
Created php tracking bugs for this issue: Affects: fedora-all [bug 1132788]
Created file tracking bugs for this issue: Affects: fedora-all [bug 1132787]
This is corrected in upstream PHP 5.5.16: http://php.net/ChangeLog-5.php#5.5.16
file-5.19-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
php-5.5.16-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
php-5.5.16-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
PHP commit: http://git.php.net/?p=php-src.git;a=patch;h=7ba1409a1aee5925180de546057ddd84ff267947
Statement: This issue did not affect the php and the file packages as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of file as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
IssueDescription: It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2014:1326 https://rhn.redhat.com/errata/RHSA-2014-1326.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1327 https://rhn.redhat.com/errata/RHSA-2014-1327.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0760 https://rhn.redhat.com/errata/RHSA-2016-0760.html