Bug 1188599 (CVE-2014-9652) - CVE-2014-9652 file: out of bounds read in mconvert()
Summary: CVE-2014-9652 file: out of bounds read in mconvert()
Status: NEW
Alias: CVE-2014-9652
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20141111,reported=2...
Keywords: Security
Depends On: 1204765 1204766 1205733 1205734 1238984
Blocks: 1185412 1210213 1210268
TreeView+ depends on / blocked
 
Reported: 2015-02-03 10:58 UTC by Vasyl Kaigorodov
Modified: 2018-06-29 22:03 UTC (History)
20 users (show)

Fixed In Version: php 5.4.37, php 5.5.21, php 5.6.5, file 5.21
Doc Type: Bug Fix
Doc Text:
An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1053 normal SHIPPED_LIVE Moderate: php55 security and bug fix update 2015-06-04 12:06:06 UTC
Red Hat Product Errata RHSA-2015:1066 normal SHIPPED_LIVE Important: php54 security and bug fix update 2015-06-05 15:42:20 UTC
Red Hat Product Errata RHSA-2015:1135 normal SHIPPED_LIVE Important: php security and bug fix update 2015-06-23 12:11:40 UTC
Red Hat Product Errata RHSA-2015:2155 normal SHIPPED_LIVE Moderate: file security and bug fix update 2015-11-19 08:39:11 UTC

Description Vasyl Kaigorodov 2015-02-03 10:58:47 UTC
Out of bounds memory read was reported in file utility [1], which also affects PHP fileinfo module.
Upstream fix that resolves this for file utility:
https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158

PHP upstream fix:
https://github.com/php/php-src/commit/ede59c8feb4b80e1b94e4abdaa0711051e2912ab

[1]: http://bugs.gw.com/view.php?id=398

Comment 1 Francisco Alonso 2015-03-23 15:17:13 UTC
Fixed upstream in PHP 5.6.5, 5.5.21 and 5.4.37:

http://php.net/ChangeLog-5.php#5.6.5
http://php.net/ChangeLog-5.php#5.5.21
http://php.net/ChangeLog-5.php#5.4.37

Comment 2 Francisco Alonso 2015-03-23 15:28:34 UTC
Fixed upstream in file 5.21:

http://bugs.gw.com/changelog_page.php?version_id=36

Comment 7 errata-xmlrpc 2015-06-04 08:03:41 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html

Comment 8 errata-xmlrpc 2015-06-04 08:07:05 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1053 https://rhn.redhat.com/errata/RHSA-2015-1053.html

Comment 9 errata-xmlrpc 2015-06-23 08:12:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html

Comment 13 errata-xmlrpc 2015-11-19 08:10:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html


Note You need to log in before you can comment on or make changes to this bug.