Description
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
Remediation
References
Related Vulnerabilities
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.0.9)
WordPress Plugin Essential Widgets Security Bypass (1.8)
WordPress Plugin WP Fastest Cache Unspecified Vulnerability (0.8.8.5)
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-38887)