Description
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2012-5068 Vulnerability (CVE-2012-5068)
WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) Security Bypass (2.3.3)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2335)
WordPress Plugin BuddyPress 'page' Parameter SQL Injection (1.5.4)