Description
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.
Remediation
References
Related Vulnerabilities
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
PHP Other Vulnerability (CVE-2007-2369)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (1.2.05.20)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.6.1)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-4306)