Red Hat Security Advisory 2014-1327-01

Red Hat Security Advisory 2014-1327-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP’s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. Multiple flaws were found in the File Information extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.

Leave a Reply