CVE-2013-7345

EPSS 1.1%

php5 - security update

Published: 3/24/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-7345

Description

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

Affected packages (3)

Debian/filefrom 0, < 1:5.17-0.1
Debian/filefrom 0, < 5.04-5+squeeze4
Debian/php5from 0, < 5.4.34-0+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-7345