CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079
http://bugs.gw.com/view.php?id=398
https://bugs.php.net/bug.php?id=68735
http://php.net/ChangeLog-5.php
http://openwall.com/lists/oss-security/2015/02/05/12
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
https://support.apple.com/HT205267
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/72505
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1053.html
https://security.gentoo.org/glsa/201701-42

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:5.5.0:alpha5::::::
	cpe:2.3:a:php:php:5.5.0:alpha6::::::
	cpe:2.3:a:php:php:5.5.0:alpha3::::::
	cpe:2.3:a:php:php:5.5.0:alpha4::::::
	cpe:2.3:a:php:php:5.5.0:rc1::::::
	cpe:2.3:a:php:php:5.5.0:rc2::::::
	cpe:2.3:a:php:php:5.5.16:::::::*
	cpe:2.3:a:php:php:5.5.17:::::::*
	cpe:2.3:a:php:php:5.5.5:::::::*
	cpe:2.3:a:php:php:5.5.6:::::::*
	cpe:2.3:a:php:php:5.6.0:alpha4::::::
	cpe:2.3:a:php:php:5.6.1:::::::*
	cpe:2.3:a:php:php:5.6.0:alpha5::::::
	cpe:2.3:a:php:php:5.5.19:::::::*
	cpe:2.3:a:php:php:5.5.0:::::::*
	cpe:2.3:a:php:php:5.6.0:beta1::::::
	cpe:2.3:a:php:php:5.5.1:::::::*
	cpe:2.3:a:php:php:5.6.4:::::::*
	cpe:2.3:a:php:php:5.5.7:::::::*
	cpe:2.3:a:php:php:5.5.0:beta1::::::
	cpe:2.3:a:php:php:5.5.12:::::::*
	cpe:2.3:a:php:php:5.5.8:::::::*
	cpe:2.3:a:php:php:5.6.0:beta4::::::
	cpe:2.3:a:php:php:5.5.0:beta2::::::
	cpe:2.3:a:php:php:5.5.11:::::::*
	cpe:2.3:a:php:php:5.5.13:::::::*
	cpe:2.3:a:php:php:5.6.0:alpha1::::::
	cpe:2.3:a:php:php:5.5.10:::::::*
	cpe:2.3:a:php:php:5.5.18:::::::*
	cpe:2.3:a:php:php:5.5.20:::::::*
	cpe:2.3:a:php:php:5.5.2:::::::*
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:5.5.9:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha1::::::
	cpe:2.3:a:php:php:5.5.0:beta3::::::
	cpe:2.3:a:php:php:5.6.0:beta2::::::
	cpe:2.3:a:php:php:5.6.0:alpha3::::::
	cpe:2.3:a:php:php:5.5.14:::::::*
	cpe:2.3:a:php:php:5.6.2:::::::*
	cpe:2.3:a:php:php:5.6.0:beta3::::::
	cpe:2.3:a:php:php:5.5.0:beta4::::::
	cpe:2.3:a:php:php:5.5.3:::::::*
	cpe:2.3:a:php:php:5.5.15:::::::*
	cpe:2.3:a:php:php:5.6.0:alpha2::::::
	cpe:2.3:a:php:php:5.5.4:::::::*
	cpe:2.3:a:php:php:5.6.3:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha2::::::

Configuration 2 (hide)

cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*

Information

Published : 2015-03-30 03:59

Updated : 2017-06-30 18:29

NVD link : CVE-2014-9652

Mitre link : CVE-2014-9652

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

file_project

file

php

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158", "name": "https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079", "name": "https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079", "tags": [], "refsource": "CONFIRM"}, {"url": "http://bugs.gw.com/view.php?id=398", "name": "http://bugs.gw.com/view.php?id=398", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugs.php.net/bug.php?id=68735", "name": "https://bugs.php.net/bug.php?id=68735", "tags": [], "refsource": "CONFIRM"}, {"url": "http://php.net/ChangeLog-5.php", "name": "http://php.net/ChangeLog-5.php", "tags": [], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2015/02/05/12", "name": "[oss-security] 20150205 Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic", "tags": [], "refsource": "MLIST"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html", "name": "openSUSE-SU-2015:0440", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html", "name": "SUSE-SU-2015:0424", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html", "name": "SUSE-SU-2015:0436", "tags": [], "refsource": "SUSE"}, {"url": "https://support.apple.com/HT205267", "name": "https://support.apple.com/HT205267", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", "name": "APPLE-SA-2015-09-30-3", "tags": [], "refsource": "APPLE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html", "name": "RHSA-2015:1135", "tags": [], "refsource": "REDHAT"}, {"url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2", "name": "HPSBMU03380", "tags": [], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2", "name": "HPSBMU03409", "tags": [], "refsource": "HP"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/72505", "name": "72505", "tags": [], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html", "name": "RHSA-2015:1066", "tags": [], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1053.html", "name": "RHSA-2015:1053", "tags": [], "refsource": "REDHAT"}, {"url": "https://security.gentoo.org/glsa/201701-42", "name": "GLSA-201701-42", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-9652", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-03-30T10:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.4.36"}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.20"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-01T01:29Z"}

5.0 /10