CVE-2014-9652
php5 - security update
EPSS 6.9%
Description
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.
How to fix CVE-2014-9652
To fix CVE-2014-9652, upgrade the affected packages to the patched versions listed below.
- Debian/file: upgrade to 1:5.21+15-1 or later
- Debian/php5: upgrade to 5.4.36-0+deb7u3 or later
Is CVE-2014-9652 being exploited?
Moderate: EPSS is 6.9%; worth continued tracking, but not top priority.
Affected packages (2)
- from 0, < 1:5.21+15-1
- from 0, < 5.4.36-0+deb7u3