Bugzilla – Bug 911663
VUL-0: CVE-2014-9426: php5: The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4...
Last modified: 2020-05-18 11:54:20 UTC
CVE-2014-9426

The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9426
http://www.cvedetails.com/cve/CVE-2014-9426/
http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09
https://bugs.php.net/bug.php?id=68665
http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191
This is 5.6-only, that means 13.2 and Factory.
Fixed in devel project.
This is an autogenerated message for OBS integration: This bug (911663) was mentioned in https://build.opensuse.org/request/show/279961 Factory / php5
Packages submitted.
https://bugs.php.net/bug.php?id=68665
PHP is not affected as erealloc never returns NULL.
openSUSE-SU-2015:0325-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 907519,910659,911663,911664,914690
CVE References: CVE-2014-8142,CVE-2014-9426,CVE-2014-9427,CVE-2015-0231,CVE-2015-0232
Sources used:
openSUSE 13.2 (src): php5-5.6.1-8.1
openSUSE 13.1 (src): php5-5.4.20-38.1