Main Vulnerability Database Vulnerabilities #VU42773

#VU42773 Input validation error in PHP - CVE-2013-4636

Published: June 22, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42773

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4636

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PHP

Software vendor:
PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.

Remediation

Install update from vendor's website.

External links

http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=64830

#VU42773 Input validation error in PHP - CVE-2013-4636

Description

Remediation

External links

Please verify you're human