Description

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.

Remediation

References

CVE-2013-4636

Related Vulnerabilities

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.4.22.1)

WebLogic CVE-2021-2214 Vulnerability (CVE-2021-2214)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2016-7124)

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.10.1)

WordPress Plugin Absolute Reviews Cross-Site Request Forgery (1.0.8)

Severity

Medium

Classification

CVE-2013-4636 CWE-20

Tags

Missing Update Known Vulnerabilities