CVE

Id
76727  
CVE No.
CVE-2014-9426  
Status
Candidate  
Description
** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable.  
Phase
Assigned (20141229)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
705006 76727 CVE-2014-9426 CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09  View
705007 76727 CVE-2014-9426 CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191  View
705008 76727 CVE-2014-9426 CONFIRM:https://bugs.php.net/bug.php?id=68665  View
705009 76727 CVE-2014-9426 SUSE:openSUSE-SU-2015:0325  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
18592 JVNDB-2014-007467 Absolut Engine の administrative バックエンドの admin/managerrelated.php におけるクロスサイトスクリプティングの脆弱性 Absolut Engine の 管理用バックエンド (administrative backend) の admin/managerrelated.php には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-9434 76727 3.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007467.html  View