Description
** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable.
Remediation
References
Related Vulnerabilities
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.5)
WordPress Plugin Attached images title editor Cross-Site Scripting (1.1.1)
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.15)
WordPress Plugin Essential Real Estate Cross-Site Scripting (1.7.1)