Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
2014-07-09T11:07:01.587
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | christos_zoulas | file | ≤ 5.18 | Yes |
| Application | christos_zoulas | file | 5.00 | Yes |
| Application | christos_zoulas | file | 5.01 | Yes |
| Application | christos_zoulas | file | 5.02 | Yes |
| Application | christos_zoulas | file | 5.03 | Yes |
| Application | christos_zoulas | file | 5.04 | Yes |
| Application | christos_zoulas | file | 5.05 | Yes |
| Application | christos_zoulas | file | 5.06 | Yes |
| Application | christos_zoulas | file | 5.07 | Yes |
| Application | christos_zoulas | file | 5.08 | Yes |
| Application | christos_zoulas | file | 5.09 | Yes |
| Application | christos_zoulas | file | 5.10 | Yes |
| Application | christos_zoulas | file | 5.11 | Yes |
| Application | christos_zoulas | file | 5.12 | Yes |
| Application | christos_zoulas | file | 5.13 | Yes |
| Application | christos_zoulas | file | 5.14 | Yes |
| Application | christos_zoulas | file | 5.15 | Yes |
| Application | christos_zoulas | file | 5.16 | Yes |
| Application | christos_zoulas | file | 5.17 | Yes |
| Application | php | php | ≤ 5.4.29 | Yes |
| Application | php | php | 5.4.0 | Yes |
| Application | php | php | 5.4.1 | Yes |
| Application | php | php | 5.4.2 | Yes |
| Application | php | php | 5.4.3 | Yes |
| Application | php | php | 5.4.4 | Yes |
| Application | php | php | 5.4.5 | Yes |
| Application | php | php | 5.4.6 | Yes |
| Application | php | php | 5.4.7 | Yes |
| Application | php | php | 5.4.8 | Yes |
| Application | php | php | 5.4.9 | Yes |
| Application | php | php | 5.4.10 | Yes |
| Application | php | php | 5.4.11 | Yes |
| Application | php | php | 5.4.12 | Yes |
| Application | php | php | 5.4.12 | Yes |
| Application | php | php | 5.4.12 | Yes |
| Application | php | php | 5.4.13 | Yes |
| Application | php | php | 5.4.13 | Yes |
| Application | php | php | 5.4.14 | Yes |
| Application | php | php | 5.4.14 | Yes |
| Application | php | php | 5.4.15 | Yes |
| Application | php | php | 5.4.16 | Yes |
| Application | php | php | 5.4.17 | Yes |
| Application | php | php | 5.4.18 | Yes |
| Application | php | php | 5.4.19 | Yes |
| Application | php | php | 5.4.20 | Yes |
| Application | php | php | 5.4.21 | Yes |
| Application | php | php | 5.4.22 | Yes |
| Application | php | php | 5.4.23 | Yes |
| Application | php | php | 5.4.24 | Yes |
| Application | php | php | 5.4.25 | Yes |
| Application | php | php | 5.4.26 | Yes |
| Application | php | php | 5.4.27 | Yes |
| Application | php | php | 5.4.28 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.1 | Yes |
| Application | php | php | 5.5.2 | Yes |
| Application | php | php | 5.5.3 | Yes |
| Application | php | php | 5.5.4 | Yes |
| Application | php | php | 5.5.5 | Yes |
| Application | php | php | 5.5.6 | Yes |
| Application | php | php | 5.5.7 | Yes |
| Application | php | php | 5.5.8 | Yes |
| Application | php | php | 5.5.9 | Yes |
| Application | php | php | 5.5.10 | Yes |
| Application | php | php | 5.5.11 | Yes |
| Application | php | php | 5.5.12 | Yes |
| Application | php | php | 5.5.13 | Yes |