Description

** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable.

Remediation

References

CVE-2014-9426

Related Vulnerabilities

WordPress Plugin Donation Thermometer Cross-Site Scripting (2.1.2)

Multiple SugarCRM Products Remote Code Execution Vulnerability (CVE-2023-22952)

WordPress Plugin spideranalyse Cross-Site Scripting (0.0.1)

math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2020-7743)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail HTML Injection (2.9.0.3)

Severity

High

Classification

CVE-2014-9426

Tags

Missing Update Known Vulnerabilities