Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 977463 (CVE-2013-4636) - CVE-2013-4636 php: fileinfo: Invalid pointer dereference when checking mimetype of certain MP3 files
Summary: CVE-2013-4636 php: fileinfo: Invalid pointer dereference when checking mimety...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-4636
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 977464
TreeView+ depends on / blocked
 
Reported: 2013-06-24 15:43 UTC by Jan Lieskovsky
Modified: 2021-02-17 07:34 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-06-26 05:36:51 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2013-06-24 15:43:17 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4636 to the following vulnerability:

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.

References:
[1] http://www.php.net/ChangeLog-5.php
[2] https://bugs.php.net/bug.php?id=64830

Relevant upstream patch:
[3] http://git.php.net/?p=php-src.git;a=commit;h=74555e7c26b2c61bb8e67b7d6a6f4d2b8eb3a5f3

Comment 2 Huzaifa S. Sidhpurwala 2013-06-26 05:33:43 UTC
This issue was caused by the following upstream commit, which was applied between php-5.4.14 and php-5.4.15 releases:

http://git.php.net/?p=php-src.git;a=commit;h=10367fa7c6a4a2cf9bee02d8905e284185428f09

This commit upgrades the embedded version of libmagic to 5.14.
The versions of php and php53 as shipped with Red Hat Enterprise Linux 5 and 6, do not contain this commit and therefore are not affected by this flaw.

This issue was addressed in Fedora-18 via the following update:
https://admin.fedoraproject.org/updates/FEDORA-2013-10255

Comment 4 Huzaifa S. Sidhpurwala 2013-06-26 05:36:51 UTC
Statement:

Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.


Note You need to log in before you can comment on or make changes to this bug.