Bug 1188599 (CVE-2014-9652) - CVE-2014-9652 file: out of bounds read in mconvert()
Summary: CVE-2014-9652 file: out of bounds read in mconvert()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-9652
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1204765 1204766 1205733 1205734 1238984
Blocks: 1185412 1210213 1210268
TreeView+ depends on / blocked
 
Reported: 2015-02-03 10:58 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:27 UTC (History)
20 users (show)

Fixed In Version: php 5.4.37, php 5.5.21, php 5.6.5, file 5.21
Doc Type: Bug Fix
Doc Text:
An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:38:39 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1053 0 normal SHIPPED_LIVE Moderate: php55 security and bug fix update 2015-06-04 12:06:06 UTC
Red Hat Product Errata RHSA-2015:1066 0 normal SHIPPED_LIVE Important: php54 security and bug fix update 2015-06-05 15:42:20 UTC
Red Hat Product Errata RHSA-2015:1135 0 normal SHIPPED_LIVE Important: php security and bug fix update 2015-06-23 12:11:40 UTC
Red Hat Product Errata RHSA-2015:2155 0 normal SHIPPED_LIVE Moderate: file security and bug fix update 2015-11-19 08:39:11 UTC

Description Vasyl Kaigorodov 2015-02-03 10:58:47 UTC 
Out of bounds memory read was reported in file utility [1], which also affects PHP fileinfo module.
Upstream fix that resolves this for file utility:
https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158

PHP upstream fix:
https://github.com/php/php-src/commit/ede59c8feb4b80e1b94e4abdaa0711051e2912ab

[1]: http://bugs.gw.com/view.php?id=398
Comment 1 Francisco Alonso 2015-03-23 15:17:13 UTC 
Fixed upstream in PHP 5.6.5, 5.5.21 and 5.4.37:

http://php.net/ChangeLog-5.php#5.6.5
http://php.net/ChangeLog-5.php#5.5.21
http://php.net/ChangeLog-5.php#5.4.37
Comment 2 Francisco Alonso 2015-03-23 15:28:34 UTC 
Fixed upstream in file 5.21:

http://bugs.gw.com/changelog_page.php?version_id=36
Comment 7 errata-xmlrpc 2015-06-04 08:03:41 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html
Comment 8 errata-xmlrpc 2015-06-04 08:07:05 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1053 https://rhn.redhat.com/errata/RHSA-2015-1053.html
Comment 9 errata-xmlrpc 2015-06-23 08:12:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html
Comment 13 errata-xmlrpc 2015-11-19 08:10:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html
Note You need to log in before you can comment on or make changes to this bug.