Description
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable
Remediation
References
Related Vulnerabilities
WordPress Plugin SI CAPTCHA Anti-Spam Cross-Site Scripting (2.7.5)
WordPress Plugin SEO Smart Links Cross-Site Scripting (3.0.1)
WordPress Plugin WooCommerce Stock Manager Cross-Site Request Forgery (2.5.7)
Joomla CVE-2021-23128 Vulnerability (CVE-2021-23128)
WordPress Plugin Animate It! Cross-Site Request Forgery (2.3.5)