Bug 977463 - (CVE-2013-4636) CVE-2013-4636 php (Fileinfo): Invalid pointer dereference when checking mimetype of certain MP3 files
CVE-2013-4636 php (Fileinfo): Invalid pointer dereference when checking mimet...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130513,repor...
: Security
Depends On:
Blocks: 977464
  Show dependency treegraph
 
Reported: 2013-06-24 11:43 EDT by Jan Lieskovsky
Modified: 2013-06-26 01:36 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-26 01:36:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2013-06-24 11:43:17 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4636 to the following vulnerability:

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.

References:
[1] http://www.php.net/ChangeLog-5.php
[2] https://bugs.php.net/bug.php?id=64830

Relevant upstream patch:
[3] http://git.php.net/?p=php-src.git;a=commit;h=74555e7c26b2c61bb8e67b7d6a6f4d2b8eb3a5f3
Comment 2 Huzaifa S. Sidhpurwala 2013-06-26 01:33:43 EDT
This issue was caused by the following upstream commit, which was applied between php-5.4.14 and php-5.4.15 releases:

http://git.php.net/?p=php-src.git;a=commit;h=10367fa7c6a4a2cf9bee02d8905e284185428f09

This commit upgrades the embedded version of libmagic to 5.14.
The versions of php and php53 as shipped with Red Hat Enterprise Linux 5 and 6, do not contain this commit and therefore are not affected by this flaw.

This issue was addressed in Fedora-18 via the following update:
https://admin.fedoraproject.org/updates/FEDORA-2013-10255
Comment 4 Huzaifa S. Sidhpurwala 2013-06-26 01:36:51 EDT
Statement:

Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.

Note You need to log in before you can comment on or make changes to this bug.