Description
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
Remediation
References
Related Vulnerabilities
WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)
Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)
MediaWiki Improper Input Validation Vulnerability (CVE-2011-1580)
WordPress Plugin Related Posts by Zemanta Cross-Site Request Forgery (1.3.1)