Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3478)

Description

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

Remediation

References

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2329)

WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)

Mailman Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-12108)

Oracle HTTP Server Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-4182)

WordPress Plugin BuddyPress Information Disclosure (5.1.1)

Severity

Medium

Classification

CVE-2014-3478 CWE-119

Tags

Missing Update Known Vulnerabilities