tags 783099 unreproducible
thanks

Henri Salo wrote...

> When calling finfo::file() or finfo::buffer() with a crafted string, PHP will
> crash by either segfaulting or trying to allocate a large amount of memory
> (4GiB). (...)
>
> https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd

What kind of alert is this?

* "Saw this, just forwarding, your job"
* "Tried a few things, file seems to be robust, thought you might be interested anyway"
* "It's vulnerable, reproducer attached/available upon request"

So assuming the first:

Using the reproducer generators I was indeed able to segfault php5 in wheezy (both) and jessie (001 only) every time - not squeeze-lts though. However, running the file program against a dump of any generated file worked flawlessly. In fact, I couldn't trigger a segfault in any upstream release I've tested between 5.04 and 5.22.

According to the patch php5 applied, this seems to be a duplicate of CVE-2014-3538, which is fixed in all Debian versions of the file package. However, testing upstream commits around the fix (FILE5_18-69-g4a284c8g) still shows no abnormal behaviour. Also, php5 did fix this issue last year, too. However, the softmagic.c file differs between file and php5 anyway, so it might be a pure php5 problem.

If you have different information, please submit in due course.

Christoph