Red Hat Security Advisory 2016-0760-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU.
2e3ee6fc54a9e04d8e7d163dfd9da4d7
Red Hat Security Advisory 2015-2155-07 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.
40f106cc619275ee139fc296047437b0
Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
c356febee6ec28bc63ed23a9ea49f4fd
Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.
2de4bba25e6adea40f424ff2a5af9a53
Red Hat Security Advisory 2014-1766-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.
7fe38c5e0c8bfb3fe3e7d156b5d99a83
Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.
8b153dfc0ddc7040e2e1c59c7eef20c3
Ubuntu Security Notice 2369-1 - It was discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service.
ba54454edc25727c2de7da3f01c53bcd
Red Hat Security Advisory 2014-1327-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. Multiple flaws were found in the File Information extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.
1bfdd2be975db73bc6235fad56471532
Red Hat Security Advisory 2014-1326-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information extension did not correctly parse certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap file.
9f729c80edb1b913da021ae9aead6097
Debian Linux Security Advisory 3021-1 - Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
6b0690a4f667c4dcba717146b49ace35
Debian Linux Security Advisory 3021-2 - This update corrects DSA 3021-1, which introduced a regression in the detection of a some "Composite Document Files" (CDF), marking them look as corrupted, with the error: "Can't expand summary_info".
7f73277b68e2744ae776ee776695aa12
Ubuntu Security Notice 2344-1 - It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records.
d3b4ad4de5fdf06e7e8c2f9de75acc2e
Slackware Security Advisory - New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
f88a8d0c7f47f10e69fa24ed54f7a66f
Mandriva Linux Security Advisory 2014-172 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service via a crafted color table in an XPM file. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. Various other issues have also been addressed. The updated php packages have been upgraded to the 5.5.16 version resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.6 version.
233ab8bdca7744b6ef82e432fd9e42ad
Mandriva Linux Security Advisory 2014-167 - A flaw was found in the way file uses cdf_read_property_info function when checks stream offsets for certain Composite Document Format. An insufficient input validation flaw for p and q minimal and maximal value, leads to a pointer overflow. This issue only affects 32bit systems.
ef20edf04c62e29aafbfad5a9bc8b685
Debian Linux Security Advisory 3008-2 - This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced.
94ccce36e4523c5d83481c2b39de22e2
Debian Linux Security Advisory 3008-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
c2df4e3a5b3dbc54373c9c10a9026788